Windows Analysis Report
SmartEasyPDF.msi

Overview

General Information

Sample name:SmartEasyPDF.msi
Analysis ID:1577104
MD5:e5869064f95aa66ed6929d8f80706200
SHA1:e1c6f8ae524d8bd9ef91fbeccfcb8952b00d25fa
SHA256:7d5e85dbdbf85ed033be48f7ef38ef438be15db869b2950a359f9e23cc1f58cb
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates multiple autostart registry keys
Drops executables to the windows directory (C:\Windows) and starts them
Tries to harvest and steal browser information (history, passwords, etc)
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Too many similar processes found
Tries to disable installed Antivirus / HIPS / PFW
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • msiexec.exe (PID: 7304 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SmartEasyPDF.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7260 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3280 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding BA5B668C86246B4B76A2E748C6F2A6C7 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 3536 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0B385DF9E52CFAC2C87A6C4EC5EDF80A MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • onestart_installer.exe (PID: 2976 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2" "1" "1" MD5: 1D599092628613F06912EC455CA61F96)
      • setup.exe (PID: 7464 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\ONESTART.PACKED.7Z" "install" "15" "2" "1" "1" MD5: 235FDB3B59EE9DC1069F9C05F6734E16)
        • setup.exe (PID: 3456 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160 MD5: 235FDB3B59EE9DC1069F9C05F6734E16)
        • setup.exe (PID: 5108 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0 MD5: 235FDB3B59EE9DC1069F9C05F6734E16)
          • setup.exe (PID: 4144 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160 MD5: 235FDB3B59EE9DC1069F9C05F6734E16)
        • onestart.exe (PID: 2096 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 1576 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 4300 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 8188 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2012,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 6392 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2204,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 7268 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=3740,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • cmd.exe (PID: 6028 cmdline: C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • onestart.exe (PID: 976 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • explorer.exe (PID: 5028 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
            • onestart.exe (PID: 3456 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
              • onestart.exe (PID: 8028 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 7188 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2278836340 --field-trial-handle=4224,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 7884 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2279306504 --field-trial-handle=4264,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 480 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4704,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 1756 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5020,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 5716 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2282910163 --field-trial-handle=5024,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 5924 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2283053282 --field-trial-handle=5104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 5496 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6080,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 4000 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 5512 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
          • onestart.exe (PID: 2240 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6228,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
    • MSI751E.tmp (PID: 5964 cmdline: "C:\Windows\Installer\MSI751E.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"" MD5: E353265F4E1C668A8298DEA85EFCDB99)
  • notification_helper.exe (PID: 2692 cmdline: "C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe" -Embedding MD5: 6DEC68B6FD984A4CE3B82BE995745EA1)
    • chrome.exe (PID: 1320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff6620ee638,0x7ff6620ee644,0x7ff6620ee650 MD5: BB7C48CDDDE076E7EB44022520F40F77)
  • cmd.exe (PID: 2304 cmdline: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 4568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cmd.exe (PID: 7448 cmdline: cmd.exe /C "START /MIN /D "C:\Windows\system32\config\systemprofile\AppData\Local\OneStart.ai\OneStart\Application" onestart.exe --existing-window" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 2240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • onestart.exe (PID: 8036 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
      • onestart.exe (PID: 1796 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
        • onestart.exe (PID: 7712 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x170,0x18c,0x190,0x16c,0x194,0x7ff7c119fe98,0x7ff7c119fea4,0x7ff7c119feb0 MD5: 7FEF4A3EB9816CF40E87AFBF9CD9A168)
  • cmd.exe (PID: 2028 cmdline: "C:\Windows\SysWOW64\cmd.exe" /c MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, ProcessId: 2096, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneStartChromium
Source: Process started Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", CommandLine: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5028, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", ProcessId: 2304, ProcessName: cmd.exe
No Suricata rule has matched

Source: onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_f141b454-b
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe Directory created: C:\Program Files\chromium_installer.log
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir2096_443923138
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_url_fetcher_2096_457162524
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_url_fetcher_2096_2107674891
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_url_fetcher_2096_2107674891\oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win64_dldxogwi36sxwpr57ta4lg57z4.crx3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll.sig
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\LICENSE
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\manifest.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_metadata\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_metadata\verified_contents.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\manifest.fingerprint
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir2096_1716231334
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_BITS_2096_84950856
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir7268_1605161903
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir7268_1605161903\History
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir7268_1605161903\Favicons
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStart.ai OneStart
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File created: C:\Program Files\chromium_installer.log
Source: Binary string: se.pdb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: MSI751E.tmp, 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp, MSI751E.tmp, 00000014.00000000.22753773984.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: mini_installer.exe.pdb source: onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: xe.pdb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: setup.exe.pdb source: setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: ntdll.pdb source: onestart.exe, 0000001A.00000002.22791116403.00002B70000CC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: chrome_elf.dll.pdb source: onestart.exe, 0000001E.00000002.22814304643.00007FFF3F0F6000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: y_.pdbb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: chrome_proxy.exe.pdb source: setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mini_installer.exe.pdb` source: onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI751E.tmp, 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp, MSI751E.tmp, 00000014.00000000.22753773984.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: ll.pdb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: chrome.exe.pdb source: onestart.exe, 0000000F.00000000.22728971582.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000010.00000000.22730701210.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000011.00000000.22742889470.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000012.00000000.22748038541.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000013.00000000.22750781370.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000000.22764964880.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000000.22770266125.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001B.00000000.22778339242.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001D.00000000.22782003145.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000002.22812372928.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000000.22782136074.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000022.00000000.22790033558.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000023.00000000.22795061660.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: d:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\explorer.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Windows\Installer\MSI751E.tmp Code function: 20_2_00A81860 FindFirstFileExW,20_2_00A81860
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\130.0.6723.134
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\NULL
Source: Joe Sandbox View IP Address: 9.9.9.9
Source: Joe Sandbox View IP Address: 1.1.1.1
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/355645824
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096371
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096608
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096838
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644627
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644912
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/41488637
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261924
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42263580
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264193
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264287
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264571
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265509
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266194
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266231
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266232
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266842
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000021.00000000.22816917498.000000000D41B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/350528343
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22712901035.00000221801D6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22713159459.00000221801E6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22712984720.00000221801E1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22713523621.00000221801F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.r2m02.amazontrust.com/r2m02.crl0u
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000021.00000000.22816917498.000000000D41B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.r2m02.amazontrust.com/r2m02.cer0
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: onestart.exe, 0000000F.00000003.22805341372.00002B1403458000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://e5.i.lencr.org/0A
Source: onestart.exe, 0000000F.00000003.22805341372.00002B1403458000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://e5.o.lencr.org0
Source: onestart.exe, 00000023.00000003.22811155591.000002239FAF6000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22808882502.000002239FAF7000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22810737320.000002239FAF6000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22811585680.000002239FAF6000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22809806068.000002239FAF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w
Source: onestart_installer.exe, 00000007.00000002.22739568078.000064B00007C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000002.22807902767.000012300008C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://log.onestart.ai/
Source: onestart_installer.exe, 00000007.00000002.22739568078.000064B00007C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000002.22807902767.000012300008C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://log.onestart.ai/tart.ai
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000021.00000000.22816917498.000000000D41B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlC#
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.r2m02.amazontrust.com06
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: explorer.exe, 00000021.00000000.22811665429.000000000AE80000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000021.00000000.22796106972.0000000003320000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000021.00000000.22809211066.0000000009D80000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: onestart_installer.exe, 00000007.00000003.22438731323.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22438808815.000002EA586A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.22711591360.00000221801C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: onestart.exe, 0000000F.00000003.22802974719.00002B1400DCE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/update2/response
Source: onestart.exe, 00000024.00000002.22815643688.00000290E88B2000.00000002.00000001.00040000.00000015.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: onestart.exe, 0000000F.00000003.22805341372.00002B1403458000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: onestart.exe, 0000000F.00000003.22805341372.00002B1403458000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: onestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://a-mo.net
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: explorer.exe, 00000021.00000000.22818640915.000000000D4BB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000021.00000000.22803930883.0000000009816000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmOM;.EXE
Source: onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/42265720
Source: explorer.exe, 00000021.00000000.22803930883.0000000009935000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000021.00000000.22803930883.0000000009935000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/IE
Source: explorer.exe, 00000021.00000000.22803930883.00000000096D8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blen
Source: explorer.exe, 00000021.00000000.22796308745.00000000033B0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3AF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=2A885B03C9E04092BA63E8AF31514D2B&timeOut=5000&oc
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000021.00000000.22791324483.0000000000DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: onestart_installer.exe, 00000007.00000002.22739995960.000064B0000DD000.00000004.00001000.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22392260729.000064B000120000.00000004.00001000.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.22392338327.000064B000120000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000002.22808827007.00001230000F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000002.22808827007.00001230000FE000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000003.22790135989.0000123000128000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000003.22789845695.0000123000128000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.onestart.ai/api/bb/updates.txt
Source: onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, onestart.exe, 0000000F.00000000.22728971582.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000010.00000000.22730701210.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000011.00000000.22742889470.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000012.00000000.22748038541.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000013.00000000.22750781370.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000000.22764964880.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000000.22770266125.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 
0000001B.00000000.22778339242.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001D.00000000.22782003145.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://api2.onestart.ai/api/bb/updates.txt
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
Source: explorer.exe, 00000021.00000000.22803930883.0000000009935000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000021.00000000.22803930883.00000000096B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.co
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyClearNight.png
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240908.1/Weather/W34_Most
Source: onestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://audiencemanager.de
Source: onestart.exe, 0000000F.00000003.22761426321.00002B1402E98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA12QGBm
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA12QGBm-dark
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gALZ
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gALZ-dark
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMd4
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMd4-dark
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3-dark
Source: notification_helper.exe, 0000000A.00000003.22716562966.00001EB0000E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
Source: setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, onestart.exe, 0000000F.00000000.22728971582.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000010.00000000.22730701210.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000011.00000000.22742889470.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000012.00000000.22748038541.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000013.00000000.22750781370.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000000.22764964880.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000000.22770266125.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001B.00000000.22778339242.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001D.00000000.22782003145.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 
Source: onestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_
Source: onestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/next-steps.html?brand=CHWL&statcb=0&installdataindex=empty&defaultbrow
Source: onestart.exe, 00000019.00000003.22772586502.00000219AA87C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-32x32.png
Source: onestart.exe, 00000019.00000003.22772586502.00000219AA87C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
Source: onestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=eicar
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
Source: onestart.exe, 0000000F.00000003.22805036015.00002B14024F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/feed
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/foodanddrink/cookingschool/jacques-p
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/foodanddrink/recipes/these-crock-pot-soup-recipes-were-made-for-cozy-night
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/health/wellness/the-11-rudest-things-you-can-do-in-someone-else-s-house-ac
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/love-sex/these-are-the-7-things-divorce-lawyers-avoid-doing-at-a
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/shopping/36-stunning-makeup-looks-to-enhance-your-hazel-eyes/ss-
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/companies/honeywell-s-quantum-computing-business-could-be-worth-20-b
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/markets/dow-suffers-worst-losing-streak-in-nearly-50-years-this-stoc
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/opinion/nuclear-bunker-sales-increase-despite-expert-warnings-they-ar
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/a-weary-biden-heads-for-the-exit/ar-AA1w2wyG
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/dhs-overhauls-h-1b-visa-program/ar-AA1w1STj
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/air-india-s-new-airbus-a350-review-a-new-beginning-
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/who-is-igor-kirillov-the-russian-nuclear-defense-chief-killed-i
Source: explorer.exe, 00000021.00000000.22803930883.00000000096ED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sporX0;
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/boxing/conor-mcgregor-vs-logan-paul-ufc-star-agrees-lucrative-boxin
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/southwest-shares-more-details-on-assigned-seating-and-extra-le
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/news/how-much-of-a-tv-buff-are-you-see-if-you-can-identify-these-25-leg
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/video/animals/creatures-found-at-the-bottom-of-the-mississippi-river/vi-AA
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.thepioneerwoman.com/food-cooking/meals-menus/g31954573/best-soup-recipes/
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.thepioneerwoman.com/food-cooking/meals-menus/g33637382/creamy-soup-recipes/
Source: explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.thepioneerwoman.com/products/a34221687/the-pioneer-woman-slow-cooker/
Source: onestart.exe Process created: 43
Source: C:\Windows\Installer\MSI751E.tmp Code function: 20_2_00A466A0 GetProcAddress,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,LocalFree,GetLastError,FreeLibrary
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\81aeda.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB032.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB0BF.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB14D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{7A9DB5C8-BB7E-475A-A6B2-F867AB4DA720}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB1FA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB21A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB315.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI751E.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIB032.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: String function: 00007FF7C10ADD70 appears 36 times
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: String function: 00007FF7C1097390 appears 46 times
Source: C:\Windows\Installer\MSI751E.tmpCode function: String function: 00A6A03C appears 102 times
Source: C:\Windows\Installer\MSI751E.tmpCode function: String function: 00A6A400 appears 40 times
Source: C:\Windows\Installer\MSI751E.tmpCode function: String function: 00A6A06F appears 59 times
Source: onestart_installer.exe.part.6.drStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: onestart_installer.exe.part.6.drStatic PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 2150199 bytes, 1 file, at 0x2c "setup.exe", number 1, 151 datablocks, 0x1 compression
Source: setup.exe.7.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: widevinecdm.dll.15.drStatic PE information: Number of sections : 13 > 10
Source: setup.exe.7.drStatic PE information: Number of sections : 14 > 10
Source: chrome.dll.8.drStatic PE information: Number of sections : 15 > 10
Source: classification engineClassification label: mal52.spyw.evad.winMSI@84/316@0/18
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A462B0 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle,20_2_00A462B0
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A46FE0 CoInitialize,CoCreateInstance,VariantInit,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,VariantInit,LocalFree,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,20_2_00A46FE0
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A41D80 LoadResource,LockResource,SizeofResource,20_2_00A41D80
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile created: C:\Program Files\chromium_installer.log
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Installer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2240:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4568:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2240:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:304:WilStaging_02
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_6568215876866717414
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4568:304:WilStaging_02
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_6568215876866717414
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI9DF2.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: onestart.exe, 0000000F.00000003.22759841501.00002B1402D28000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE plus_addresses (profile_id VARCHAR PRIMARY KEY, facet VARCHAR, plus_address VARCHAR);
Source: setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SmartEasyPDF.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BA5B668C86246B4B76A2E748C6F2A6C7 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0B385DF9E52CFAC2C87A6C4EC5EDF80A
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2" "1" "1"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\ONESTART.PACKED.7Z" "install" "15" "2" "1" "1"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe "C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe" -Embedding
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff6620ee638,0x7ff6620ee644,0x7ff6620ee650
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2012,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2204,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI751E.tmp "C:\Windows\Installer\MSI751E.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /C "START /MIN /D "C:\Windows\system32\config\systemprofile\AppData\Local\OneStart.ai\OneStart\Application" onestart.exe --existing-window"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=3740,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x170,0x18c,0x190,0x16c,0x194,0x7ff7c119fe98,0x7ff7c119fea4,0x7ff7c119feb0
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /c
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2278836340 --field-trial-handle=4224,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2279306504 --field-trial-handle=4264,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4704,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5020,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2282910163 --field-trial-handle=5024,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2283053282 --field-trial-handle=5104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6080,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6228,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6080,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x170,0x18c,0x190,0x16c,0x194,0x7ff7c119fe98,0x7ff7c119fea4,0x7ff7c119feb0
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mdmregistration.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mdmregistration.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: omadmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iri.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wpnapps.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.media.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: directmanipulation.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: perfos.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptowinrt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptngc.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: pcpksp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ngcksp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: tbs.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ncryptprov.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}\InprocServer32
Source: OneStart.lnk.12.dr; LNK file: ..\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: OneStart.lnk0.12.dr; LNK file: ..\..\..\..\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: OneStart.lnk1.12.dr; LNK file: ..\..\..\..\..\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook\Capabilities\UrlAssociations
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe; Directory created: C:\Program Files\chromium_installer.log
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\scoped_dir2096_443923138
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_url_fetcher_2096_457162524
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_url_fetcher_2096_2107674891
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_url_fetcher_2096_2107674891\oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win64_dldxogwi36sxwpr57ta4lg57z4.crx3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll.sig
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\LICENSE
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\manifest.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_metadata\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_metadata\verified_contents.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\manifest.fingerprint
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\scoped_dir2096_1716231334
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\chrome_BITS_2096_84950856
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\scoped_dir7268_1605161903
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\scoped_dir7268_1605161903\History
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Directory created: C:\Program Files\scoped_dir7268_1605161903\Favicons
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe; Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStart.ai OneStart
Source: SmartEasyPDF.msi; Static file information: File size 4000768 > 1048576
Source: Binary string: se.pdb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: MSI751E.tmp, 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp, MSI751E.tmp, 00000014.00000000.22753773984.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: mini_installer.exe.pdb source: onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: xe.pdb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: setup.exe.pdb source: setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: ntdll.pdb source: onestart.exe, 0000001A.00000002.22791116403.00002B70000CC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: chrome_elf.dll.pdb source: onestart.exe, 0000001E.00000002.22814304643.00007FFF3F0F6000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: y_.pdbb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: chrome_proxy.exe.pdb source: setup.exe, 00000008.00000003.22727806744.000002218021C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mini_installer.exe.pdb` source: onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI751E.tmp, 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp, MSI751E.tmp, 00000014.00000000.22753773984.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: ll.pdb+p source: onestart.exe, 0000001A.00000002.22789745747.00002B7000048000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: chrome.exe.pdb source: onestart.exe, 0000000F.00000000.22728971582.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000010.00000000.22730701210.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000011.00000000.22742889470.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000012.00000000.22748038541.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000013.00000000.22750781370.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000000.22764964880.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000000.22770266125.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001B.00000000.22778339242.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001D.00000000.22782003145.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000002.22812372928.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000000.22782136074.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000022.00000000.22790033558.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000023.00000000.22795061660.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Code function: 25_2_00007FF7C0EDD390 GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,LoadLibraryW,GetProcAddress,GetLongPathNameW,SetLastError,25_2_00007FF7C0EDD390
Source: MSI8280.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI9DF2.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI9E7F.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI9EEE.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI9F3D.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI9F8C.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI9FCB.tmp.0.dr - Static PE information: section name: .fptable
Source: MSIA02A.tmp.0.dr - Static PE information: section name: .fptable
Source: MSIA079.tmp.0.dr - Static PE information: section name: .fptable
Source: MSIA0C8.tmp.0.dr - Static PE information: section name: .fptable
Source: MSI8156.tmp.0.dr - Static PE information: section name: .fptable
Source: MSIB032.tmp.1.dr - Static PE information: section name: .fptable
Source: MSIB0BF.tmp.1.dr - Static PE information: section name: .fptable
Source: MSIB14D.tmp.1.dr - Static PE information: section name: .fptable
Source: MSIB21A.tmp.1.dr - Static PE information: section name: .fptable
Source: MSIB315.tmp.1.dr - Static PE information: section name: .fptable
Source: MSI751E.tmp.1.dr - Static PE information: section name: .fptable
Source: onestart_installer.exe.part.6.dr - Static PE information: section name: .gxfg
Source: onestart_installer.exe.part.6.dr - Static PE information: section name: .retplne
Source: onestart_installer.exe.part.6.dr - Static PE information: section name: _RDATA
Source: setup.exe.7.dr - Static PE information: section name: .gxfg
Source: setup.exe.7.dr - Static PE information: section name: .retplne
Source: setup.exe.7.dr - Static PE information: section name: .rodata
Source: setup.exe.7.dr - Static PE information: section name: CPADinfo
Source: setup.exe.7.dr - Static PE information: section name: LZMADEC
Source: setup.exe.7.dr - Static PE information: section name: _RDATA
Source: setup.exe.7.dr - Static PE information: section name: malloc_h
Source: chrome.dll.8.dr - Static PE information: section name: .gxfg
Source: chrome.dll.8.dr - Static PE information: section name: .retplne
Source: chrome.dll.8.dr - Static PE information: section name: .rodata
Source: chrome.dll.8.dr - Static PE information: section name: CPADinfo
Source: chrome.dll.8.dr - Static PE information: section name: LZMADEC
Source: chrome.dll.8.dr - Static PE information: section name: _RDATA
Source: chrome.dll.8.dr - Static PE information: section name: malloc_h
Source: chrome.dll.8.dr - Static PE information: section name: prot
Source: widevinecdm.dll.15.dr - Static PE information: section name: .00cfg
Source: widevinecdm.dll.15.dr - Static PE information: section name: .gxfg
Source: widevinecdm.dll.15.dr - Static PE information: section name: .retplne
Source: widevinecdm.dll.15.dr - Static PE information: section name: .rodata
Source: widevinecdm.dll.15.dr - Static PE information: section name: _RDATA
Source: widevinecdm.dll.15.dr - Static PE information: section name: malloc_h
Source: C:\Windows\Installer\MSI751E.tmp - Code function: 20_2_00A6A019 push ecx; ret 20_2_00A6A02C

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe - Executable created and started: C:\Windows\Installer\MSI751E.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI8280.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI9F3D.tmp
Source: C:\Windows\SysWOW64\msiexec.exe - File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe (copy)
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe - File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\130.0.6723.134\chrome.dll
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSIA0C8.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI8156.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Windows\Installer\MSIB0BF.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Windows\Installer\MSIB315.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI9FCB.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Windows\Installer\MSI751E.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSIA02A.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Windows\Installer\MSIB14D.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI9E7F.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Windows\Installer\MSIB21A.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe - File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI9EEE.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Windows\Installer\MSIB032.tmp
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI9DF2.tmp
Source: C:\Windows\SysWOW64\msiexec.exe - File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe.part
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSIA079.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe - File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\chrome_proxy.exe (copy)
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - File created: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Windows\System32\msiexec.exe - File created: C:\Users\user\AppData\Local\Temp\MSI9F8C.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe - File created: C:\Program Files\chromium_installer.log

Boot Survival

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartChromium
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartUpdate
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartAutoLaunch_B4891BEF8823FC13D1A3C1E0C5B71E0B
Source: C:\Windows\System32\msiexec.exe - Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Source: C:\Windows\System32\msiexec.exe - Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Windows\System32\msiexec.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe - Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe - Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe - Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 25_2_00007FF7C1021870 rdtsc 25_2_00007FF7C1021870
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 593
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 578
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8280.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9F3D.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\130.0.6723.134\chrome.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIA0C8.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB315.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB0BF.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8156.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9FCB.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIA02A.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB14D.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9E7F.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB21A.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB032.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9EEE.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9DF2.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIA079.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeDropped PE file which has not been started: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9F8C.tmp
Source: C:\Windows\Installer\MSI751E.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_20-33991
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeAPI coverage: 6.0 %
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeAPI coverage: 8.6 %
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Program Files\scoped_dir2096_443923138 FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\blob_storage\4d304a4b-ee6d-40d7-8986-081bce6e196c FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Program Files\scoped_dir2096_1716231334 FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A81860 FindFirstFileExW,20_2_00A81860
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\130.0.6723.134
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\NULL
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW^?
Source: onestart.exe, 0000001E.00000002.22804936852.0000027A1FC87000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllz
Source: onestart.exe, 0000001A.00000002.22796317151.00007FFF2B1A1000.00000020.00000001.01000000.00000009.sdmpBinary or memory string: uVMcI
Source: explorer.exe, 00000021.00000000.22816917498.000000000D41B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000021.00000000.22816917498.000000000D3F2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW9&
Source: onestart_installer.exe, 00000007.00000003.22403984075.000002EA58671000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000002.22738656784.000002EA58674000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
Source: C:\Windows\Installer\MSI751E.tmpProcess queried: DebugPort
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A6A1F1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00A6A1F1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 25_2_00007FF7C0EDD390 GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,LoadLibraryW,GetProcAddress,GetLongPathNameW,SetLastError,25_2_00007FF7C0EDD390
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A425A0 GetProcessHeap,20_2_00A425A0
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A6E23B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00A6E23B
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A6A385 SetUnhandledExceptionFilter,20_2_00A6A385
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A6985D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_00A6985D
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 25_2_00007FF7C106F6D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,25_2_00007FF7C106F6D8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 25_2_00007FF7C10985FC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_00007FF7C10985FC
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 26_2_00007FF7C106F6D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF7C106F6D8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 26_2_00007FF7C10985FC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF7C10985FC
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A47800 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,EnumWindows,SetWindowPos,WaitForSingleObject,GetExitCodeProcess,GetWindowThreadProcessId,GetWindowLongW,20_2_00A47800
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff6620ee638,0x7ff6620ee644,0x7ff6620ee650
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2012,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2204,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=3740,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2278836340 --field-trial-handle=4224,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2279306504 --field-trial-handle=4264,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4704,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5020,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2282910163 --field-trial-handle=5024,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2283053282 --field-trial-handle=5104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6080,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x170,0x18c,0x190,0x16c,0x194,0x7ff7c119fe98,0x7ff7c119fea4,0x7ff7c119feb0
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_39f0b.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=130.0.6723.134 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=uaaaaaaaaadgaaaeaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaaaaaaaaaaaaacaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=1992,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2012,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2204,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.profileimport --lang=en-us --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=3740,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=130.0.6723.134 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=130.0.6723.134 --initial-client-data=0x170,0x18c,0x190,0x16c,0x194,0x7ff7c119fe98,0x7ff7c119fea4,0x7ff7c119feb0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2278836340 --field-trial-handle=4224,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2279306504 --field-trial-handle=4264,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4704,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5020,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2282910163 --field-trial-handle=5024,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2283053282 --field-trial-handle=5104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=130.0.6723.134 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-us --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6080,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.unzipper --lang=en-us --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.unzipper --lang=en-us --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6228,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
Source: explorer.exe, 00000021.00000000.22793000299.00000000014C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000021.00000000.22818640915.000000000D64F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000021.00000000.22801076486.0000000004B10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000021.00000000.22793000299.00000000014C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000021.00000000.22791324483.0000000000DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000021.00000000.22793000299.00000000014C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: explorer.exe, 00000021.00000000.22793000299.00000000014C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager~
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,20_2_00A850B7
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoW,20_2_00A7F310
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoEx,FormatMessageA,20_2_00A526C1
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetACP,IsValidCodePage,GetLocaleInfoW,20_2_00A84714
Source: C:\Windows\Installer\MSI751E.tmpCode function: EnumSystemLocalesW,20_2_00A849D3
Source: C:\Windows\Installer\MSI751E.tmpCode function: EnumSystemLocalesW,20_2_00A84AB9
Source: C:\Windows\Installer\MSI751E.tmpCode function: EnumSystemLocalesW,20_2_00A84A1E
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,20_2_00A84B50
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoW,20_2_00A84DB0
Source: C:\Windows\Installer\MSI751E.tmpCode function: EnumSystemLocalesW,20_2_00A7EDE2
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,20_2_00A84ED5
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoEx,20_2_00A68F9C
Source: C:\Windows\Installer\MSI751E.tmpCode function: GetLocaleInfoW,20_2_00A84FDB
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: GetLocaleInfoW,25_2_00007FF7C1096C74
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,25_2_00007FF7C109C3F8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,25_2_00007FF7C109C688
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,25_2_00007FF7C1097588
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,25_2_00007FF7C109BDDC
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,25_2_00007FF7C109C0DC
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: GetLocaleInfoW,26_2_00007FF7C1096C74
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,26_2_00007FF7C109C3F8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,26_2_00007FF7C109C688
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,26_2_00007FF7C1097588
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,26_2_00007FF7C109BDDC
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: EnumSystemLocalesW,26_2_00007FF7C109C0DC
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\master_preferences VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Preferences VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\130.0.6723.134\PrivacySandboxAttestationsPreloaded\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\130.0.6723.134\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\130.0.6723.134\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\130.0.6723.134\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2096_1389053549\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2096_1542954311\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2096_1389053549\CRX_INSTALL\conversion-tracking.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2096_1389053549\CRX_INSTALL\page.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.32_0\manifest.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.32_0\conversion-tracking.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.32_0\conversion-tracking.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.32_0\page.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2096_1542954311\CRX_INSTALL\manifest.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2096_1542954311\CRX_INSTALL\page.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\iogmhikihfgnimkplhkcpapibpafdmmh\101.0.1.14_0\page.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\manifest.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeCode function: 7_2_00007FF613076EB4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,7_2_00007FF613076EB4
Source: C:\Windows\Installer\MSI751E.tmpCode function: 20_2_00A7F7A4 GetTimeZoneInformation,20_2_00A7F7A4
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 25_2_00007FF7C0EDCA80 GetVersionExW,GetProductInfo,GetNativeSystemInfo,25_2_00007FF7C0EDCA80
Source: C:\Windows\System32\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe | File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\History
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 2 Native API; 1 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; 11 Windows Service; 11 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 11 Windows Service; 12 Process Injection; 11 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 File Deletion; 133 Masquerading; 1 Modify Registry; 1 Virtualization/Sandbox Evasion; 12 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 2 System Time Discovery; 11 Peripheral Device Discovery; 3 File and Directory Discovery; 35 System Information Discovery; 41 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 11 Archive Collected Data; 1 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
[Behavior graph. ID: 1577104, Sample: SmartEasyPDF.msi, Startdate: 18/12/2024, Architecture: WINDOWS, Score: 52]

Source | Detection | Scanner | Label | Link
SmartEasyPDF.msi | 0% | ReversingLabs | |
SmartEasyPDF.msi | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe (copy) | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe.part | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\chrome_proxy.exe (copy) | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source7464_891043544\onestart-bin\130.0.6723.134\chrome.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI8156.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI8280.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI9DF2.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI9E7F.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI9EEE.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI9F3D.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI9F8C.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI9FCB.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSIA02A.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSIA079.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSIA0C8.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI751E.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIB032.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIB0BF.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIB14D.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIB21A.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIB315.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://wns.windows.com/yexplorer.exe, 00000021.00000000.22818640915.000000000D82A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  high
                                                  https://www.ecosia.org/search?q=searchTermsonestart.exe, 0000000F.00000003.22761426321.00002B1402E98000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://secure.eicar.org/eicar.com;onestart.exe, 00000019.00000003.22767290349.00000219AA894000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://crbug.com/650547onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://anglebug.com/40096838onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://anglebug.com/42264193onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://crt.r2m02.amazontrust.com/r2m02.cer0onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        high
                                                        http://e5.o.lencr.org0onestart.exe, 0000000F.00000003.22805341372.00002B1403458000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://www.msn.com/en-us/money/companies/honeywell-s-quantum-computing-business-could-be-worth-20-bexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          high
                                                          https://api.msn.com/IEexplorer.exe, 00000021.00000000.22803930883.0000000009935000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            high
                                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3-darkexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://momento.devonestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              https://www.msn.com/en-us/news/world/who-is-igor-kirillov-the-russian-nuclear-defense-chief-killed-iexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                high
                                                                https://api.msn.com/v1/news/Feed/Windows?activityId=2A885B03C9E04092BA63E8AF31514D2B&timeOut=5000&ocexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://crashpad.chromium.org/setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, onestart.exe, 0000000F.00000000.22728971582.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000010.00000000.22730701210.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000011.00000000.22742889470.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000012.00000000.22748038541.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000013.00000000.22750781370.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000000.22764964880.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000000.22770266125.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001B.00000000.22778339242.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 
0000001D.00000000.22782003145.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000002.22812372928.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000000.22782136074.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://word.office.comexplorer.exe, 00000021.00000000.22818640915.000000000D8E0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyClearNight.svgexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://ocsp.r2m02.amazontrust.com06onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://crbug.com/593024onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://onestart.ai/chr/gcsett?iid=&bversion=130.0.6723.134&wversion=4.5.264.2ionestart_installer.exe, 00000007.00000002.22739473511.000064B00006C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.eicar.org/download-anti-malware-testfile/&Downloadonestart.exe, 00000019.00000002.22785809228.00006A2C000E0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.msn.com/en-us/foodanddrink/recipes/these-crock-pot-soup-recipes-were-made-for-cozy-nightexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.msn.com/en-us/health/wellness/the-11-rudest-things-you-can-do-in-someone-else-s-house-acexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://secure.eicar.org/eicar.comonestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                high
                                                                                https://issuetracker.google.com/349489248onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://sitescout.comonestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://anglebug.com/40096608onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://crbug.com/941620onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icoonestart.exe, 0000000F.00000003.22761426321.00002B1402E98000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.msn.com/en-us/news/politics/a-weary-biden-heads-for-the-exit/ar-AA1w2wyGexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://crl.rootca1.amazontrust.com/rootca1.crl0onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://ocsp.rootca1.amazontrust.com0:onestart.exe, 0000000F.00000003.22805036015.00002B14024F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240908.1/Weather/W34_Mostexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults:onestart.exe, 00000022.00000003.22800438385.000031B4002E0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000022.00000003.22799104343.000031B40018C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000022.00000003.22799287664.000031B400170000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000022.00000003.22799781126.000031B4002D0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22803404077.000062040016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22803801445.00006204002D0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22803264266.0000620400188000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22804295040.00006204002E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://aka.ms/odirmOM;.EXEexplorer.exe, 00000021.00000000.22803930883.0000000009816000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.google.com/search?q=eicaronestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://en.wonestart.exe, 00000023.00000003.22811155591.000002239FAF6000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22808882502.000002239FAF7000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22810737320.000002239FAF6000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22811585680.000002239FAF6000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22809806068.000002239FAF7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.google.com/favicon.icoonestart.exe, 00000019.00000003.22772586502.00000219AA87C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.eicar.org/download-anti-malware-testfile/onestart.exe, 00000019.00000003.22772586502.00000219AA87C000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000019.00000002.22785809228.00006A2C000E0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://anglebug.com/42265509onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://outlook.comB744-2explorer.exe, 00000021.00000000.22818640915.000000000D8E0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://anglebug.com/355645824onestart.exe, 0000000F.00000003.22781176524.00002B14026C4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762391770.000077EC0016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000011.00000003.22762295538.000077EC00164000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=130.0.6723.134&wversion=4.5.264.2Startonestart_installer.exe, 00000007.00000002.22739473511.000064B00006C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://onestart.ai/chr/ui?iid=onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                      high
                                                                                                      https://shared-storage-demo-publisher-a.web.apponestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://www.msn.com/en-us/lifestyle/love-sex/these-are-the-7-things-divorce-lawyers-avoid-doing-at-aexplorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000021.00000000.22818640915.000000000D4BB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://demand.supplyonestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://html.spec.whatwg.org/multipage/rendering.html#hidden-elementsonestart.exe, 00000022.00000003.22800438385.000031B4002E0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000022.00000003.22799104343.000031B40018C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000022.00000003.22799287664.000031B400170000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000022.00000003.22799781126.000031B4002D0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22803404077.000062040016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22803801445.00006204002D0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22803264266.0000620400188000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.22804295040.00006204002E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://log.onestart.ai/onestart_installer.exe, 00000007.00000002.22739568078.000064B00007C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000001E.00000002.22807902767.000012300008C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://gemini.google.com/app?q=onestart.exe, 0000000F.00000003.22761426321.00002B1402E98000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://onestart.ai/chr/ri?productbrowsertyphttps://onestart.ai/chr/ui?iid=onestart_installer.exe, 00000007.00000002.22740705433.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000000.22363801965.00007FF6130CD000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                  high
                                                                                                                  https://secure.eicar.org/eicar.com.txtonestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.msn.com/en-us/sporX0;explorer.exe, 00000021.00000000.22803930883.00000000096ED000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000021.00000000.22816917498.000000000D3AF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMd4explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://www.google.com/chrome/next-steps.html?brand=CHWL&statcb=0&installdataindex=empty&defaultbrowonestart.exe, 00000019.00000002.22779754387.00000219AAB3A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://gemini.google.com/app?q=searchTermsonestart.exe, 0000000F.00000003.22761426321.00002B1402E98000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=130.0.6723.134&wversion=4.5.264.2init_bd | onestart_installer.exe, 00000007.00000002.22739623961.000064B000080000.00000004.00001000.00020000.00000000.sdmp | false | high
https://windows.msn.com:443/shellv2?osLocale=en-us&chosenMarketReason=implicitExisting | explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmp | false | high
https://www.msn.com/en-us/money/markets/dow-suffers-worst-losing-streak-in-nearly-50-years-this-stoc | explorer.exe, 00000021.00000000.22818640915.000000000D6BD000.00000004.00000001.00020000.00000000.sdmp | false | high
https://mobon.net | onestart.exe, 0000000F.00000003.22760697937.00002B1402B90000.00000004.00001000.00020000.00000000.sdmp | false | high
https://www.ecosia.org/search?q= | onestart.exe, 0000000F.00000003.22761426321.00002B1402E98000.00000004.00001000.00020000.00000000.sdmp | false | high
https://crashpad.chromium.org/bug/new | setup.exe, 00000008.00000000.22441547377.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.22733295888.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.22443330403.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.22736669200.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000000.22718111225.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000C.00000002.22726865468.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000000.22720308063.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000D.00000002.22729909365.00007FF69ECEB000.00000002.00000001.01000000.00000006.sdmp, onestart.exe, 0000000F.00000000.22728971582.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000010.00000000.22730701210.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000011.00000000.22742889470.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000012.00000000.22748038541.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000013.00000000.22750781370.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000019.00000000.22764964880.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000000.22770266125.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001B.00000000.22778339242.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001D.00000000.22782003145.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000002.22812372928.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000001E.00000000.22782136074.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
http://www.unicode.org/copyright.html | onestart.exe, 00000024.00000002.22815643688.00000290E88B2000.00000002.00000001.00040000.00000015.sdmp | false | high
IP | Domain | Country | ASN | ASN Name | Malicious
3.166.181.126 | unknown | United States | 16509 | AMAZON-02US | false
9.9.9.9 | unknown | United States | 19281 | QUAD9-AS-1US | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false
173.194.210.94 | unknown | United States | 15169 | GOOGLEUS | false
142.250.9.105 | unknown | United States | 15169 | GOOGLEUS | false
3.161.150.2 | unknown | United States | 16509 | AMAZON-02US | false
74.125.21.95 | unknown | United States | 15169 | GOOGLEUS | false
13.32.230.84 | unknown | United States | 16509 | AMAZON-02US | false
18.165.53.102 | unknown | United States | 3 | MIT-GATEWAYSUS | false
3.161.150.69 | unknown | United States | 16509 | AMAZON-02US | false
3.163.101.34 | unknown | United States | 16509 | AMAZON-02US | false
3.161.150.19 | unknown | United States | 16509 | AMAZON-02US | false
172.217.215.94 | unknown | United States | 15169 | GOOGLEUS | false
172.217.215.84 | unknown | United States | 15169 | GOOGLEUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false

IP
192.168.11.20
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1577104
Start date and time:2024-12-18 01:56:42 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 13m 55s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:47
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SmartEasyPDF.msi
Detection:MAL
Classification:mal52.spyw.evad.winMSI@84/316@0/18
EGA Information:
• Successful, ratio: 33.3%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): dllhost.exe, VSSVC.exe, svchost.exe
• Execution Graph export aborted for target onestart_installer.exe, PID 2976 because there are no executed function
• Execution Graph export aborted for target setup.exe, PID 3456 because there are no executed function
• Execution Graph export aborted for target setup.exe, PID 5108 because there are no executed function
• Execution Graph export aborted for target setup.exe, PID 7464 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
01:59:46 | Task Scheduler | Run new task: OneStartAutoLaunchTask-19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e path: cmd.exe s>/C "START /MIN /D "%LOCALAPPDATA%\OneStart.ai\OneStart\Application" onestart.exe --existing-window"
01:59:48 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OneStartChromium "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
01:59:56 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OneStartUpdate "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
02:00:04 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OneStartChromium "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
02:00:12 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OneStartUpdate "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
19:59:49 | API Interceptor | 494x Sleep call for process: explorer.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
9.9.9.9 | Software_Tool.exe | malicious | Unknown
9.9.9.9 | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar
9.9.9.9 | file.exe | malicious | LummaC, Amadey, Clipboard Hijacker, LummaC Stealer
9.9.9.9 | Zoom.exe | malicious | Unknown
9.9.9.9 | Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | malicious | Unknown
9.9.9.9 | pdfguruhub.msi | malicious | Unknown
9.9.9.9 | ACHAT DE 2 IMMEUBLES.pdf | malicious | Unknown
9.9.9.9 | allpdfpro.msi | malicious | Unknown
9.9.9.9 | file.exe | malicious | LummaC, Amadey, LummaC Stealer
9.9.9.9 | Setup.exe | malicious | Unknown
1.1.1.1 | 6fW0GedR6j.xls | malicious | Unknown
• 1.1.1.1/ctrl/playback.php
1.1.1.1 | PO-230821_pdf.exe | malicious | FormBook, NSISDropper
• www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
1.1.1.1 | AFfv8HpACF.exe | malicious | Unknown
• 1.1.1.1/
1.1.1.1 | INVOICE_90990_PDF.exe | malicious | FormBook
• www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
1.1.1.1 | Go.exe | malicious | Unknown
• 1.1.1.1/

No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | hades.exe | malicious | Unknown
• 1.1.1.1
CLOUDFLARENETUS | hades.exe | malicious | Unknown
• 1.1.1.1
CLOUDFLARENETUS | Credit Card Authorization Form.pdf | malicious | Unknown
• 104.17.24.14
CLOUDFLARENETUS | https://adobe.blob.core.windows.net/adobe/adobe.html?sp=r&st=2024-12-17T20:58:07Z&se=2025-01-11T04:58:07Z&spr=https&sv=2022-11-02&sr=b&sig=vDeHaevGyq9deO2tRq9D03JLZreACGon6EF%2FhhJQk7s%3D | malicious | Unknown
• 104.17.25.14
CLOUDFLARENETUS | https://pdf-ezy.com/pdf-ezy.exe | malicious | Unknown
• 104.21.40.135
CLOUDFLARENETUS | PK241200518-EMAIL RELEASE-pdf.exe | malicious | Snake Keylogger, VIP Keylogger
• 172.67.177.134
CLOUDFLARENETUS | Harrisassoc_Updated_Workplace_Policies_and_Compliance_Guidelines.pdf.pdf | malicious | HTMLPhisher
• 172.67.74.152
CLOUDFLARENETUS | hades.exe | malicious | Unknown
• 1.1.1.1
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, RHADAMANTHYS
• 104.21.23.76
CLOUDFLARENETUS | https://drive.google.com/file/d/1t3oVTU9WVeXXW61-QBDfjBrcece1DEFY/view?usp=sharing | malicious | Unknown
• 104.17.25.14
QUAD9-AS-1US | Software_Tool.exe | malicious | Unknown
• 9.9.9.9
QUAD9-AS-1US | Kameta Setup 1.0.0.exe | malicious | Unknown
• 149.112.112.112
QUAD9-AS-1US | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar
• 9.9.9.9
QUAD9-AS-1US | file.exe | malicious | LummaC, Amadey, Clipboard Hijacker, LummaC Stealer
• 9.9.9.9
QUAD9-AS-1US | Zoom.exe | malicious | Unknown
• 9.9.9.9
QUAD9-AS-1US | Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | malicious | Unknown
• 9.9.9.9
                                                                                                                                                            pdfguruhub.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 9.9.9.9
                                                                                                                                                            ACHAT DE 2 IMMEUBLES.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 9.9.9.9
                                                                                                                                                            allpdfpro.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 9.9.9.9
                                                                                                                                                            rPO3799039985.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                            • 149.112.112.112
                                                                                                                                                            AMAZON-02UShttps://workflowspace.m-pages.com/8wJEXg/lee-cpa-audit-groupGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 3.66.78.109
                                                                                                                                                            Harrisassoc_Updated_Workplace_Policies_and_Compliance_Guidelines.pdf.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 13.227.8.64
                                                                                                                                                            https://workflowspace.m-pages.com/8wJEXg/lee-cpa-audit-groupGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 18.156.205.65
                                                                                                                                                            https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 99.83.136.84
                                                                                                                                                            http://inspirafinancial.comGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 44.235.193.153
                                                                                                                                                            jew.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 35.155.144.152
                                                                                                                                                            jew.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 54.116.148.229
                                                                                                                                                            jew.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 44.243.245.73
                                                                                                                                                            jew.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 34.248.106.89
                                                                                                                                                            https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpub-c51a5b71098c4a50b29ad0816d037292.r2.dev%2525252Findex.html%25252F1FPh%25252FkO25AQ%25252FAQ%25252F3e065842-509e-4fd5-abbb-5283a8ac4086%25252F1%25252FRkloQ4shWG%252F1FPh%252Fk_25AQ%252FAQ%252Fdde43c95-583c-418a-adc0-08f493a126f6%252F1%252FJb7OErMoyM%2F1FPh%2Fk_25AQ%2FAQ%2Fb4b83026-0c0f-44d4-9e59-6245afb2c831%2F1%2F0MDiG0XvGK/1FPh/le25AQ/AQ/97716a3f-8a20-4219-bc1f-a50876348ddc/1/HkaU6VJ0d2#Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 3.251.43.2
                                                                                                                                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files\chrome_Unpacker_BeginUnzipping2096_623586144\_platform_specific\win_x64\widevinecdm.dll
pdfguruhub.msi | Get hash | malicious | Unknown | Browse
allpdfpro.msi | Get hash | malicious | Unknown | Browse
Complete_with_DocuSign_49584.pdf | Get hash | malicious | HTMLPhisher | Browse
https://averellharriman.sharefile.com/public/share/web-sab7e0a816d3e4e0ca3a0899254901a6d | Get hash | malicious | Unknown | Browse
DRL-272112.htm | Get hash | malicious | Unknown | Browse
View alert details #20GBQ4J.html | Get hash | malicious | HTMLPhisher | Browse
shelbycountytn.gov.pdf | Get hash | malicious | Unknown | Browse
EPAYMENT_Receipt.html | Get hash | malicious | Unknown | Browse
Capelleaandenijssel.nl_reff_9918205228_HelNc2Zf7n.html | Get hash | malicious | HTMLPhisher | Browse
https://qrco.de/bfQgn5 | Get hash | malicious | Unknown | Browse
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):796923
                                                                                                                                                                                Entropy (8bit):6.7267973038534885
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:CBhvCCzRj0XiKelqEcWYewoqTNjph0lhSMXleywMG/5:+JCNKqEbCTNVh0lhSMXljG/5
                                                                                                                                                                                MD5:2853B1ED746B9A3640D2F12670FA1E04
                                                                                                                                                                                SHA1:E009D8894BBDFB294C2E0FEDA83B4429FD40981E
                                                                                                                                                                                SHA-256:C09D3734441E9A155AEA12AD79FAE10C6CBF89B88491357EDA3F08110B02473F
                                                                                                                                                                                SHA-512:EF129FFA743F732EA746C394269EFC29C866F432CEDB6CF067841791F58E23EDF5B5151DDDAE2725EFA0885DFC1F9D9CB43E0932B911F1DEDA153BD2DBEE801B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...@IXOS.@.....@\..Y.@.....@.....@.....@.....@.....@......&.{7A9DB5C8-BB7E-475A-A6B2-F867AB4DA720}..OneStart PDF..SmartEasyPDF.msi.@.....@.....@.....@........&.{249F5AB3-2E2B-4EC5-91BA-1BEA3464F645}.....@.....@.....@.....@.......@.....@.....@.......@......OneStart PDF......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{FEE34822-BEE6-46CA-8BC7-812252175977}&.{7A9DB5C8-BB7E-475A-A6B2-F867AB4DA720}.@......&.{D8511B6D-3FAD-4D18-929C-23F5ACD99D44}&.{7A9DB5C8-BB7E-475A-A6B2-F867AB4DA720}.@........CreateFolders..Creating folders..Folder: [1]#.*.C:\Users\user\AppData\Local\OneStart.ai\.@....#.=.C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\.@........AI_FdRollback..Rolling back downloaded files#.Rolling back downloaded file: "[1]"L...AI_FdRollback.@.-....h$..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):473
                                                                                                                                                                                Entropy (8bit):4.388167319950301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:LOT6w+DmsDZrkrDxBYRgELGNB+cIMLohXOl0t1iKR/UFioWd9+iAt4jZMeLhJoUs:iwDtVEDsCDLeelyigqBjt4eK2f55
                                                                                                                                                                                MD5:F6719687BED7403612EAED0B191EB4A9
                                                                                                                                                                                SHA1:DD03919750E45507743BD089A659E8EFCEFA7AF1
                                                                                                                                                                                SHA-256:AFB514E4269594234B32C873BA2CD3CC8892E836861137B531A40A1232820C59
                                                                                                                                                                                SHA-512:DD14A7EAE05D90F35A055A5098D09CD2233D784F6AC228B5927925241689BFF828E573B7A90A5196BFDD7AAEECF00F5C94486AD9E3910CFB07475FCFBB7F0D56
                                                                                                                                                                                Malicious:false
Preview: Google LLC and its affiliates ("Google") own all legal right, title and interest in and to the content decryption module software ("Software") and related documentation, including any intellectual property rights in the Software. You may not use, modify, sell, or otherwise distribute the Software without a separate license agreement with Google. The Software is not open source software. If you are interested in licensing the Software, please contact www.widevine.com.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1550
                                                                                                                                                                                Entropy (8bit):5.9461543350675905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:p/hFkmoyMTI1jglp6NjkakKwk+R2VJAz5s:RhMka5adwTYQz5s
                                                                                                                                                                                MD5:98B310FC33843D771DA0089FA155EDB2
                                                                                                                                                                                SHA1:5690A43F43673B947EB4C433CB4F5488A287E29C
                                                                                                                                                                                SHA-256:28F09A4AF935D2894689CC00658D597257422CAFF20A01055EFD8E78AD5E829F
                                                                                                                                                                                SHA-512:E76830974EA54C94E857179CA0DA893E088034367CA5C33E71C1016B788E737D65AB49AD9A9E6FEB85385B963AF5C13DB0A91E3F3072AC91600E91A1CEA0AB6F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19236784
                                                                                                                                                                                Entropy (8bit):7.70214269860876
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:393216:FPRzXYeXFyjsrZuvpYl5SJIhw7PJeP9TZHZMaMq0Vrq8P:DFyjs0pYl1hwDJeVT7erq8P
                                                                                                                                                                                MD5:9D76604A452D6FDAD3CDAD64DBDD68A1
                                                                                                                                                                                SHA1:DC7E98AD3CF8D7BE84F6B3074158B7196356675B
                                                                                                                                                                                SHA-256:EB98FA2CFE142976B33FC3E15CF38A391F079E01CF61A82577B15107A98DEA02
                                                                                                                                                                                SHA-512:EDD0C26C0B1323344EB89F315876E9DEB460817FC7C52FAEDADAD34732797DAD0D73906F63F832E7C877A37DB4B2907C071748EDFAD81EA4009685385E9E9137
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                • Filename: pdfguruhub.msi, Detection: malicious, Browse
                                                                                                                                                                                • Filename: allpdfpro.msi, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Complete_with_DocuSign_49584.pdf, Detection: malicious, Browse
                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                • Filename: DRL-272112.htm, Detection: malicious, Browse
                                                                                                                                                                                • Filename: View alert details #20GBQ4J.html, Detection: malicious, Browse
                                                                                                                                                                                • Filename: shelbycountytn.gov.pdf, Detection: malicious, Browse
                                                                                                                                                                                • Filename: EPAYMENT_Receipt.html, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Capelleaandenijssel.nl_reff_9918205228_HelNc2Zf7n.html, Detection: malicious, Browse
                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1427
                                                                                                                                                                                Entropy (8bit):7.572464059652219
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:38H/VZn47VBRxgCUQuODHBJeriJ8yojUdnkLvXWgl0oHLrUXAokYH/o8j/bmspTh:38HdurRxHSOlAiqYoXWVDXJ/o8zbmsFh
                                                                                                                                                                                MD5:A19EC48B4B28F3AA9C32150DCA8C0E39
                                                                                                                                                                                SHA1:02981E40B643C2A987D47BF58F42B7F3CA5AAF07
                                                                                                                                                                                SHA-256:D363751B0EE48517DA1B56C17FFCD78DD57F25B092B09879667DB10338077621
                                                                                                                                                                                SHA-512:718A24E1FB45AB0FD3DB5A5C45B0E0061D9061D8615E2A8D6DB2150BF72267E96774094A6FC07A250D5BBBC5133A1CB635D8F7ADC5B1751FA99327FCE9555941
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):66
                                                                                                                                                                                Entropy (8bit):3.9232676497295262
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:SQTWAEVtGbSHaqHGDTzoARPkBDF:SQyANeayyTzTP6
                                                                                                                                                                                MD5:5BFBCC6E7AA3E9C1570C5C73F38FA8EA
                                                                                                                                                                                SHA1:497BAFA5658C6CE8C8010D12F104EEBEC7A1BAE2
                                                                                                                                                                                SHA-256:84470096167EA43C0880B39FE44B42F552014E4F85B66805C2935C542BA3CB8E
                                                                                                                                                                                SHA-512:41BBED6CC317FF190189D63D6D5910D30E23A5160E5FF5F635FF408AAB13452DA8174556D7120DB176701435A3329A93A7450583404D56C34A37B67F1A332EDC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:1.567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1001
                                                                                                                                                                                Entropy (8bit):4.774546324439748
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:ulaihI11X1TRuRckckH3WoA0UNqLQxUNqmTxyNq+TA:C1hYl1uRfckHkseDA
                                                                                                                                                                                MD5:2FF237ADBC218A4934A8B361BCD3428E
                                                                                                                                                                                SHA1:EFAD279269D9372DCF9C65B8527792E2E9E6CA7D
                                                                                                                                                                                SHA-256:25A702DD5389CC7B077C6B4E06C1FAD9BDEA74A9C37453388986D093C277D827
                                                                                                                                                                                SHA-512:BAFD91699019AB756ADF13633B825D9D9BAE374CA146E8C05ABC70C931D491D421268A6E6549A8D284782898BC6EB99E3017FBE3A98E09CD3DFECAD19F95E542
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{. "manifest_version": 2,. "update_url": "https://clients2.google.com/service/update2/crx",. "name": "WidevineCdm",. "description": "Widevine Content Decryption Module",. "version": "4.10.2830.0",. "minimum_chrome_version": "68.0.3430.0",. "x-cdm-module-versions": "4",. "x-cdm-interface-versions": "10",. "x-cdm-host-versions": "10",. "x-cdm-codecs": "vp8,vp09,avc1,av01",. "x-cdm-persistent-license-support": true,. "x-cdm-supported-encryption-schemes": [. "cenc",. "cbcs". ],. "icons": {. "16": "imgs/icon-128x128.png",. "128": "imgs/icon-128x128.png". },. "platforms": [. {. "os": "win",. "arch": "x64",. "sub_package_path": "_platform_specific/win_x64/". },. {. "os": "win",. "arch": "x86",. "sub_package_path": "_platform_specific/win_x86/". },. {. "os": "win",. "arch": "arm64",. "sub_package_path": "_platform_specific/win_arm64/". }. ],. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14507539
                                                                                                                                                                                Entropy (8bit):7.999857010958995
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:196608:xtNkRLBghAdmkjek3vps8oUarofQnLJJaTLj6llFwyrvQCGDZjaPRwFJs1:YLKhh6vpsZUaBJJaTfazrvQRDJIRwF21
                                                                                                                                                                                MD5:3DB950B4014A955D2142621AAEECD826
                                                                                                                                                                                SHA1:C2B728B05BC34B43D82379AC4CE6BDAE77D27C51
                                                                                                                                                                                SHA-256:567F5DF81EA0C9BDCFB7221F0EA091893150F8C16E3012E4F0314BA3D43F1632
                                                                                                                                                                                SHA-512:03105DCF804E4713B6ED7C281AD0343AC6D6EB2AED57A897C6A09515A8C7F3E06B344563E224365DC9159CFD8ED3EF665D6AEC18CC07AAAD66EED0DC4957DDE3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1025
                                                                                                                                                                                Entropy (8bit):5.320468245074565
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:JLo/d+pBTXHTHiTv/dfT8JX1r4DOp5NSteYpeNSYxYpINSbdYpr:JEQbHriR21kDOxYQYrYF
                                                                                                                                                                                MD5:EFD94700EDB3529158B34EDFCF992C17
                                                                                                                                                                                SHA1:E1F4F86E70A621C3368F64B1D891062B0435E673
                                                                                                                                                                                SHA-256:14FEB16F80853D96D13E649765E8824D8ED43F8C8A85CC90EF8CDD0D4D85AA1E
                                                                                                                                                                                SHA-512:B7C411E26368479B6AE8F38C732C550B5D37C2FBC56FAF0C2AFF1DB634EBDE2F225B84788BDD26A301782923DAC1E04F05AB0D3E7FE3DBED442E760E1A120697
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:[1217/195942.190:ERROR:install_worker.cc(192)] Unexpected result creating NotificationActivator; hr=0x0.[1217/195942.444:VERBOSE1:setup_main.cc(1471)] Command Line: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0.[1217/195942.444:VERBOSE1:setup_main.cc(1477)] system install is 0.[1217/195942.444:VERBOSE1:installer_state.cc(87)] Install Chrome.[1217/195942.694:VERBOSE1:install_util.cc(247)] Windows NT 10.0.19042.[1217/195942.694:VERBOSE1:install.cc(120)] Creating per-user Desktop "OneStart" shortcut to C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe..[1217/195942.819:VERBOSE1:install.cc(120)] Creating per-user Quick Launch "OneStart" shortcut to C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe..[1217/195942.866:VERBOSE1:install.cc(120)] Creating per-user Start menu "OneStart" shortcut to C:\Users\user\AppData\Local\OneStart.ai\OneStart\A
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 18, database pages 39, 1st free page 13, free pages 24, cookie 0x8, schema 4, UTF-8, version-valid-for 18
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):81920
                                                                                                                                                                                Entropy (8bit):1.5749364057089108
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:scw2ALUAw2AuuMsHXzCFPo1AwlwALum4TfWyYOnW3LEQVc4mhxYvL:JAoMAbHXeiYXqyxnkEIaxYj
                                                                                                                                                                                MD5:E031C97C587586B176498FFCFA1736B0
                                                                                                                                                                                SHA1:CF76750D3F5F264CEAA1DAE104E0901CECBB35C5
                                                                                                                                                                                SHA-256:2562D003CF42EEA5AFE2FABCE4B1D1D0243A5398BA1A260A09B5783BD0103F89
                                                                                                                                                                                SHA-512:C0A54BF23B0F11111A86218175EF15F730B0176BA2E83B609D54003CA60E5DA76415912A17BB0D2E2DD9805374264F9A6686CA15435020E8434C31B9A79FAD4E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 21, database pages 54, 1st free page 10, free pages 14, cookie 0x50, schema 4, UTF-8, version-valid-for 21
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):229376
                                                                                                                                                                                Entropy (8bit):0.8702785449902919
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:u0ATqjAfepy42PWoo/oftTBBE3utC7UqrDvQoJMAa:rATq8feA42PWoo/oftTBBjuUVAa
                                                                                                                                                                                MD5:E782D8B6164B8CF64500A01B85E5FD38
                                                                                                                                                                                SHA1:C9D4CEAAE1A4FA6E8E74281520262B9ABCA02E18
                                                                                                                                                                                SHA-256:E42275C994991D8927C6FAAF7F38E394FFC080CAB5AE61136343DA5686C9B99F
                                                                                                                                                                                SHA-512:1C0D174F9CF3B0AC3331013C7E9E45B5646BECF11617E635E20370E4C9289D529CE922DF9719BC3354D0B78DD2AB990AC9DE81908E5D8F799386CF3936DE340A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45876
                                                                                                                                                                                Entropy (8bit):7.92337287822355
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:bIUvx/uYmY7knTCD4CHp7nl2hwm1iAqqr1zR4R+xSr4XoI60BCCdAIhj:bRmYmY7knGMsR2w3IRKMSr4l6DC26j
                                                                                                                                                                                MD5:BC5214330592641990E660BB2690B74E
                                                                                                                                                                                SHA1:C15195DFB6249EC7079FEA8C7570F1EDDC3D4BD5
                                                                                                                                                                                SHA-256:7A30EA366EF38D7F183A3B44B7783F79631C81151823F6063BB46C0A147692EB
                                                                                                                                                                                SHA-512:6608107E2781F315074D8F709595C65D3720711598688FDC5BA00DE19C3D38104D2953FEDCC5724238A1CF809F903B38FB1004A17A50F8BFB5EEC1153F60281D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                Entropy (8bit):3.254162526001658
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:FkXzcrK4sGe:+zcxne
                                                                                                                                                                                MD5:1FFC8D842569A9307FC85E7587770C05
                                                                                                                                                                                SHA1:E4A8E698E8A20F3BC0AE027C7DE553C0691C66F4
                                                                                                                                                                                SHA-256:448E44A1487C1EFA839B3DE46C71EB52D6B163E01274A9F8482E056B3AC9E1CC
                                                                                                                                                                                SHA-512:3F0261C27609BF5C87B325F4C2D18060D74D85C747ABAD9A24E3D6403B724B760E1E0BEE94EC93402D4C3AA0720000DFC9F96012F46E9923F83B01D1E63465B1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:sdPC....................{...UN..Fe\.c{
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1136
                                                                                                                                                                                Entropy (8bit):4.193402025622679
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:bi4xPEMbMkb1s1DSVQrdYWoIU2lWMwHbaAgI6:bi2PXMM3WNW7b6I6
                                                                                                                                                                                MD5:8CF31B5ABF6F612933EB6E0FA0DF98AE
                                                                                                                                                                                SHA1:58365F82B5BD35A69941258DDC0A9F3D15EA6CEB
                                                                                                                                                                                SHA-256:32E4219E253D4BA5BE65E657EB1F205265640C2E105A6E90908A0A91CF0A81A6
                                                                                                                                                                                SHA-512:664BDE741CC197CCB35BEFFBD7341A8481FDC128F71105EAC44ECF046649797961443AE7E6A242554F4F34E3BE29C502C5B869B8C273BD8CA7AB87FCD761E04F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...@....................@...............p...................p...0...i.y.........NotificationHelperMetrics...........i.y..Yd.x.......A.......e............,..........=[L....................=[L................UMA.PersistentAllocator.NotificationHelperMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.8.......A...................V..>......m.&Y@..................m.&Y@................UMA.PersistentAllocator.NotificationHelperMetrics.Errors........ ...i.y.[".........................i.y..Yd.........A.............................(%.+g..................(%.+g................Notifications.NotificationHelper.ComServerModuleStatus..0...i.y.[".........................................i.y..Yd.0.......A....... ...2................%[:.....................%[:....................Notifications.NotificationHelper.ServerRuntime......i.y.["......................................................... ...)...4...B...T...
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):1136
                                                                                                                                                                                Entropy (8bit):4.193402025622679
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:bi4xPEMbMkb1s1DSVQrdYWoIU2lWMwHbaAgI6:bi2PXMM3WNW7b6I6
                                                                                                                                                                                MD5:8CF31B5ABF6F612933EB6E0FA0DF98AE
                                                                                                                                                                                SHA1:58365F82B5BD35A69941258DDC0A9F3D15EA6CEB
                                                                                                                                                                                SHA-256:32E4219E253D4BA5BE65E657EB1F205265640C2E105A6E90908A0A91CF0A81A6
                                                                                                                                                                                SHA-512:664BDE741CC197CCB35BEFFBD7341A8481FDC128F71105EAC44ECF046649797961443AE7E6A242554F4F34E3BE29C502C5B869B8C273BD8CA7AB87FCD761E04F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                File Type:7-zip archive data, version 0.4
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):100431188
                                                                                                                                                                                Entropy (8bit):7.999997985540364
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1572864:vJxL+aIcl5xwL22+KLpiyErNqc8bPUzoOk3aV1W+fSy2OR3Bybg/blWpY1/:hN+aIcDxwL22tMy//zUJk3arfSuR34gl
                                                                                                                                                                                MD5:DEA5890ADE3DD57F2718048029C3000C
                                                                                                                                                                                SHA1:5A59063D94A9CE2CB42B339BFA3D62AA1A914AE7
                                                                                                                                                                                SHA-256:8E7E4033FAE4B49B56E89D23F82188E908BE20ACB4EA87E444E75B089C6F74F6
                                                                                                                                                                                SHA-512:719014256BCA3B223A7C6C28E9C9184BCCD2223A627821B4B2B795056B5D357B0B10E4A61A446573837F8E0A26814B4579C696879F3CF15FE2405B183318B11A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 2150199 bytes, 1 file, at 0x2c "setup.exe", number 1, 151 datablocks, 0x1 compression
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2150199
                                                                                                                                                                                Entropy (8bit):7.998448042625016
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:49152:M8kRd2gqK6ooNA2CzMxn8rtBC3D6Nnp8jOV6TTW19X0SUud1as:AD+Kg37gtBDNnp86D19Zzdp
                                                                                                                                                                                MD5:116D9EED8FEA4CF1F2D10FECE0F0938A
                                                                                                                                                                                SHA1:3489E0D619804C4DB91FB84FEC57A07C2CBDA2AB
                                                                                                                                                                                SHA-256:49CBB3296BD12D6701E1D26B80A6C7DC6720751E145A88DB1F1DBA35ACAFEB70
                                                                                                                                                                                SHA-512:4AD1C3FE4FCEEAB0118AF72F5D7D19123D3EF850E2909B4827E6BA46DD3B3B33E249AE5761A4121D4DB84B296E8D16077BC79744688524321300B04A51899E7A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4918336
                                                                                                                                                                                Entropy (8bit):6.566405491610466
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:49152:JGpKFjdXeTn5M4O70U0MLc4WD7t4bFo1sFSqf1uTikGcZdDJzyqYvoXOYI7sFz1f:voUdc4WDp4q1US81uO8C7O10C
                                                                                                                                                                                MD5:235FDB3B59EE9DC1069F9C05F6734E16
                                                                                                                                                                                SHA1:9D5258311F06A5FDA36107E435733DFD30973C0B
                                                                                                                                                                                SHA-256:882FA58642A270884BD432F4788C6DA583F42FE185AFD083746E2F4FDECB9AAC
                                                                                                                                                                                SHA-512:E0C23D30AB021EDAE4741F38E7EB05B5901753644EC83D4AA23AA5253D93007F51BFFB5D4609987E0BA6C5EF51B54066F2F1B0CFBC4EB8FBEFD38BA1BABFE2A2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):103834688
                                                                                                                                                                                Entropy (8bit):7.999200202442297
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:3145728:qBN+aIcDxwL22tMy//zUJk3arfSuR34g/blWi1A:ghxoPz36fSng/blWAA
                                                                                                                                                                                MD5:1D599092628613F06912EC455CA61F96
                                                                                                                                                                                SHA1:9DFCD7BC88F597F199E336F262E52195EE2514E4
                                                                                                                                                                                SHA-256:FDB0CAAAE3AEF5B7DB2F8AE96424AD0C2A3FAA5FE7DC4DB35A5A85BB6935EB5D
                                                                                                                                                                                SHA-512:DEAECA59EE40E280D49290283B6E8220B47554F9D9C904E7E238DC7BC4EBE8FB13833A11291E9AC10C32B8E471F1C370A993FF8E926D17B9FB05BF8443FE277B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):865
                                                                                                                                                                                Entropy (8bit):5.466907650952622
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:YREkzZTE9+VOYbYD9T1D0jal/nbF5W76S:Y7Za+eDzD0sxiB
                                                                                                                                                                                MD5:52FE816630B92A0413A34BDD5B0D0B76
                                                                                                                                                                                SHA1:A1223B30B9711F9C34F9B83C53A4D92CED8FE075
                                                                                                                                                                                SHA-256:50042A13B87FE9E538E163DD7C6AE25E9B4322E8561478D0DDBA84F53A574E7D
                                                                                                                                                                                SHA-512:60CBC2E73AD73249112FA014A98402ACB6984C5C308EDE8E4F7D0D52F1650BD52321455342DFD2B6BA93542C1C1F57CD71BEA595F36B07CAE69A263E3C6A670D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"ai":"15","bb_mode":"0","cid":"","cpa":"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","date":"1734483550","db_mode":"1","fhkey":"","iid":"19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e","init_background":"1","init_startup":"1","min_wake":"96","p_index":"2","uac":"","uac_attempt":"","uac_last":"","wake":"24","wciid":""}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Generic INItialization configuration [OneStart]
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1004
                                                                                                                                                                                Entropy (8bit):5.282811382938802
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:1V+K8ruyxmPeyxmQhfQY6ETKYMM9iKsMgIY+KT2WUWEIVheuyygkOXBvh651kOXA:1VWaPeQZ6ETdgN2WrhVngNJh6/NA
                                                                                                                                                                                MD5:838717AF68D8F22A25689B3B806FA46D
                                                                                                                                                                                SHA1:51C0E65924B4BA390909CA93F9B7F095C1AB250A
                                                                                                                                                                                SHA-256:0D900A020C1E29FFD70E1D00FB887C716634CF29D97D1313CD948E8AD6410C63
                                                                                                                                                                                SHA-512:7A06E5BDABE4B86C930DDF0FBB2C2A193B9C64E1E52FFB755FB40A7CA6D6E9BD947487D014D5003509A97A29A1D11A41167BAAA680825FDA8C7AC826B064722B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:;aiu;......[Update]...Name = OneStart Software...ProductVersion = 10.116.180.0...URL = https://resources.onestart.ai/OneStartSetup-v10.116.180.0.msi...URL1 = https://resources.onestart.ai/OneStartSetup-v10.116.180.0.msi...Size = 90251776...MD5 = a6bcc328c50138792caf8c546081b750...CommandLine = /qn...ServerFileName = OneStartSetup-v10.116.180.0.msi...Flags = SilentInstall...RegistryKey = HKCU\SOFTWARE\OneStart.ai\OneStart Software\Version...Version = 10.116.180.0...UpdatedApplications = OneStart Software(1.0-1.1.102.18136]......[OneStart]...Name = OneStart...ProductVersion = 128.0.6613.125...URL = https://resources.onestart.ai/onestart_installer_128.0.6613.125.exe...Size = 100703296...MD5 = 6e916c44a4b1da39536ee07f1b4b234b...CommandLine = /qn...ServerFileName = onestart_installer_128.0.6613.125.exe...Flags = SilentInstall...RegistryKey = HKUD\Software\OneStart.ai\OneStart Software\Version...Version = 128.0.6613.125...UpdatedApplications = OneStart[125.0.6422.142];OneStart[126.0.6478.128
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:7-zip archive data, version 0.4
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):356276085
                                                                                                                                                                                Entropy (8bit):6.918198460533539
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3145728:Bbt3V/71/nGoes+ManVo02b2yiGhHAARWPvdZ:Bbt3d75nGq+YIN
                                                                                                                                                                                MD5:E7C6CFA0744134E939CDEF6A9B409BD6
                                                                                                                                                                                SHA1:5C05B4BD136A38B3903773EF9DD8D011C3B9AD97
                                                                                                                                                                                SHA-256:5C70C82651CB90F20C181242B3E7E1ACA2CE7D25D5AB964D47844CFD8C94D9A0
                                                                                                                                                                                SHA-512:798EA48BCB26656FB712F577DA1B1BE035A6F72A12F189865A60CEE63CC83FF51475264300B0E3F10DC33CCBAB1E650FEF237865881C7EBC4902120BCD69A8F6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:7z..'...E..$/W<.....&.........&G<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='130.0.6723.134'.. version='130.0.6723.134'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...2~.f.........." ......C.........0Sk.......................................|.....y.Y...`A.........................................................._......0....]...X.@(....c.....`...8...................px..(...@.C.@...........@................................text.....C.......C................. ..`.rdata........C.......C.............@..@.data........`.......L..............@....pdata....]..0....].................@..@.gxfg....C....^..D....;.............@..@.retplne.....0_.......;..................rodata......@_.......;............. ..`.tls.........`_.......;.............@...CPADinfo8....p_.......;.............
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):344
                                                                                                                                                                                Entropy (8bit):3.4385863420423908
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:1B7CDDDFB06152AE01F12D9F253237D6
                                                                                                                                                                                SHA1:1EF358781A086A0727F4FA95CD53510EB328BC52
                                                                                                                                                                                SHA-256:FD668D6EDCF6B6CC176EDD9BF7B0D7F1881FE2F0D94EBAE656127C27A359550E
                                                                                                                                                                                SHA-512:4705C93B233BE92DD2D04649D404B538BC76607BBE655D5E35A739653AC1AF776ECDD12EC1CBF81476070EC5BAE633F891817155014730A06939EFB21BD132EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...@....................@...............X...`...............`... ...i.y.........SetupMetrics........i.y..Yd.0.......A.......e............,.........C*.3...................C*.3................UMA.PersistentAllocator.SetupMetrics.UsedPct....h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e.......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):344
                                                                                                                                                                                Entropy (8bit):3.4385863420423908
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:1B7CDDDFB06152AE01F12D9F253237D6
                                                                                                                                                                                SHA1:1EF358781A086A0727F4FA95CD53510EB328BC52
                                                                                                                                                                                SHA-256:FD668D6EDCF6B6CC176EDD9BF7B0D7F1881FE2F0D94EBAE656127C27A359550E
                                                                                                                                                                                SHA-512:4705C93B233BE92DD2D04649D404B538BC76607BBE655D5E35A739653AC1AF776ECDD12EC1CBF81476070EC5BAE633F891817155014730A06939EFB21BD132EA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...@....................@...............X...`...............`... ...i.y.........SetupMetrics........i.y..Yd.0.......A.......e............,.........C*.3...................C*.3................UMA.PersistentAllocator.SetupMetrics.UsedPct....h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e.......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4918336
                                                                                                                                                                                Entropy (8bit):6.566405491610466
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:235FDB3B59EE9DC1069F9C05F6734E16
                                                                                                                                                                                SHA1:9D5258311F06A5FDA36107E435733DFD30973C0B
                                                                                                                                                                                SHA-256:882FA58642A270884BD432F4788C6DA583F42FE185AFD083746E2F4FDECB9AAC
                                                                                                                                                                                SHA-512:E0C23D30AB021EDAE4741F38E7EB05B5901753644EC83D4AA23AA5253D93007F51BFFB5D4609987E0BA6C5EF51B54066F2F1B0CFBC4EB8FBEFD38BA1BABFE2A2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...2~.f..........".......:...........'........@.............................PL.....(.K...`.........................................s%B.l....%B...... G.p.....E..Q....J.@(... L.t+....B.......................B.(...P';.@...........P6B......$B.@....................text.....:.......:................. ..`.rdata..|.....;.......;.............@..@.data........0C.......C.............@....pdata...Q....E..R....D.............@..@.gxfg...P4...`F..6...fE.............@..@.retplne......F.......E..................rodata.......F.......E............. ..`.tls....E.....F.......E.............@...CPADinfo8.....F.......E.............@...LZMADEC.......F.......E............. ..`_RDATA........G.......E.............@..@malloc_h......G.......E............. ..`.rsrc...p.... G.......E.............@..@.reloc..t+... L..,....J.............@..B........................................................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):159
                                                                                                                                                                                Entropy (8bit):4.286966456484247
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:746E45D4BE2D95012AFF9A0716E811F6
                                                                                                                                                                                SHA1:3AF1BEF7086D7512F800084FC7C95FE994C6A459
                                                                                                                                                                                SHA-256:5269F6E042E298253D298CBE4A10EFECE8276BF8058A679DD81A9FA6FE91C060
                                                                                                                                                                                SHA-512:33A491D07D6360655D2DF4191458CBB57E6FEF8C583B7B049EC016CA43E5436711DCEEFDAF10335A90DF5FE1C7328A51530BCC87FD1268352B385532D11C2412
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"distribution":{"import_bookmarks":"true","import_history":"true","verbose_logging":"true","log_file":"onestartsetup.log"},"session":{"restore_on_startup":1}}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):228
                                                                                                                                                                                Entropy (8bit):4.927404756013095
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:74FDC169A52ECB1E99AA9723F382D51D
                                                                                                                                                                                SHA1:9434DAF455A278F3FA7B50E968D2AF477C7B18B2
                                                                                                                                                                                SHA-256:69E5814DDD288374E83BA2EF7DC85CCA106CE3AA5A1D87B10C23616AFF940C8F
                                                                                                                                                                                SHA-512:9843B9BF53712FF23BB65CFF0156283FC87C4E15AF3CCA6810EAE31ED50F5EB39205CC53929243E87D2C0D1B8C61A5868648FA090A31D74153F7D730AA05CE09
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='130.0.6723.134'.. version='130.0.6723.134'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):240705600
                                                                                                                                                                                Entropy (8bit):6.71353073494746
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:698C4FCE06F97A57CDE2A407F5FA324B
                                                                                                                                                                                SHA1:B7E760C5DC8BDB3A1658145020C319CA828A2F37
                                                                                                                                                                                SHA-256:1711C8729B85C5070D63D3122253A86B7740FE3283187B3DA037DF155D31F918
                                                                                                                                                                                SHA-512:E89C42852214C85B260E82EFCAA25FB96570BF21CE7AB96AEB1283B9A9A1A2FD660B4B31D262069B0C5C7A37666532D5DE8394917DB9B4CE946E82CC1BDCA91F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...2~.f.........." ......C.........0Sk.......................................|.....y.Y...`A.........................................................._......0....]...X.@(....c.....`...8...................px..(...@.C.@...........@................................text.....C.......C................. ..`.rdata........C.......C.............@..@.data........`.......L..............@....pdata....]..0....].................@..@.gxfg....C....^..D....;.............@..@.retplne.....0_.......;..................rodata......@_.......;............. ..`.tls.........`_.......;.............@...CPADinfo8....p_.......;.............@...LZMADEC......._.......;............. ..`_RDATA........_.......<.............@..@malloc_h......_.......<............. ..`prot.........._.......<.............@..@.rsrc........._.. ....<.............@..@.reloc........c.......@.............@..B................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:7-zip archive data, version 0.4
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):356276085
                                                                                                                                                                                Entropy (8bit):6.918198460533539
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E7C6CFA0744134E939CDEF6A9B409BD6
                                                                                                                                                                                SHA1:5C05B4BD136A38B3903773EF9DD8D011C3B9AD97
                                                                                                                                                                                SHA-256:5C70C82651CB90F20C181242B3E7E1ACA2CE7D25D5AB964D47844CFD8C94D9A0
                                                                                                                                                                                SHA-512:798EA48BCB26656FB712F577DA1B1BE035A6F72A12F189865A60CEE63CC83FF51475264300B0E3F10DC33CCBAB1E650FEF237865881C7EBC4902120BCD69A8F6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:7z..'...E..$/W<.....&.........&G<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='130.0.6723.134'.. version='130.0.6723.134'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...2~.f.........." ......C.........0Sk.......................................|.....y.Y...`A.........................................................._......0....]...X.@(....c.....`...8...................px..(...@.C.@...........@................................text.....C.......C................. ..`.rdata........C.......C.............@..@.data........`.......L..............@....pdata....]..0....].................@..@.gxfg....C....^..D....;.............@..@.retplne.....0_.......;..................rodata......@_.......;............. ..`.tls.........`_.......;.............@...CPADinfo8....p_.......;.............
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:15
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1219
                                                                                                                                                                                Entropy (8bit):5.630912088315415
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:08D8B25E97E5CC908D48759A228DEBD4
                                                                                                                                                                                SHA1:2F4F6B610ACB6008DCBD27087125A7B22C62CCD8
                                                                                                                                                                                SHA-256:B5443EF334F0D5D2A51450A13B20E50BDBE410306517D7DD38914727102B2A87
                                                                                                                                                                                SHA-512:E6E3BAC46813C66C552E997CEE902F2CAD0B0036260EA75FC1F15E63F86102EFE55533A925AAB93280ED80F16C6CD8253A9FFB1E281080A4AA9A8DB15C8A0A90
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADd2f/C4BZaRI/ZD4dgnQmZEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAAB7XWLhDb4IBzylb8MBBFRK5v4N3MfDM6HkwGz/KXAJIQAAAAAOgAAAAAIAACAAAAB+E7RpTyPJpr8Ds0FuvM62x7V/IYFfXKLba0NDTmko8jAAAADnHaS1bjCb1raVPwM5zAg+ArR/LMmC89krj6e3Gk8FFxlIG3A9vix45x4HkFHf9GtAAAAAPZjwkB0URKKx86YBPBlcQE65XAE3WDVu/JCcqMLOYksmEtWpZ+eV8FYu59dyZQHLyA+uLobBXRrExasPZc6+yA=="},"privacy_budget":{"meta_experiment_activation_salt":0.6330742157159411},"profile":{"info_cache":{},"profile_counts_reported":"13378957184448329","profiles_order":[]},"signin":{"active_accounts_last_emitted":"13378957184407693"},"uninstall_metrics":{"installation_date2":"1734483584"},"user_experience_metrics":{"limited_entropy_randomization_source":"554D92407D4B1115A4A6BF7CE9BAA2ED","low_entropy_source3":2148,"pseudo_low_entropy_source":7788,
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3822
                                                                                                                                                                                Entropy (8bit):5.38696419434653
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C32BBC9FBA614D517A1D18A48E562D1F
                                                                                                                                                                                SHA1:960A6C71059BD4B914B5C83A0772D6F3BCD867D1
                                                                                                                                                                                SHA-256:5F904D4818518E976100504590DA55DBF1E32147A9ED6120F3BDD23DE3536545
                                                                                                                                                                                SHA-512:22408B3605FD1EDFB6F9E18BC835A7DA9B597A989B8F7C7577DF20389523001FA592DF7FD8F1E1169CD0CE9F629C946D9939CB8F94C160E2E7F72CE828A5D696
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"accessibility":{"captions":{"soda_registered_language_packs":["en-US"]}},"autofill":{"ablation_seed":"RW6H+ZHaGY4="},"background_mode":{"enabled":true},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13378957184660008"},"browser":{"first_run_finished":true,"shortcut_migration_version":"130.0.6723.134"},"check_updates_on_startup":{"enabled":true},"hardware_acceleration_mode_previous":true,"keep_app_up_to_date":{"enabled":true},"launch_browser_on_startup":{"enabled":true},"launch_browser_on_wake":{"enabled":true},"launch_dock_on_startup":{"enabled":true},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADd2f/C4BZaRI/ZD4dgnQmZEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAE
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3710
                                                                                                                                                                                Entropy (8bit):5.374232844090651
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:20FA8A7232665E9513D74DE976E2F806
                                                                                                                                                                                SHA1:5EC3E68312631C2485B27013ED746EEB67B960FC
                                                                                                                                                                                SHA-256:E9C42DA1F7975A569577F58CFA36AD23D7ABA0BD4FEC750C6E822A8A2AE2741D
                                                                                                                                                                                SHA-512:FBB0D05D5C8A8443BABE3F00014A3877407CA6FEC50940B7E26C419F3357D26E6C955432065307983871B94B699A639807C611E7460ABA91AFDF0CC07EE12CC9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"accessibility":{"captions":{"soda_registered_language_packs":["en-US"]}},"autofill":{"ablation_seed":"RW6H+ZHaGY4="},"background_mode":{"enabled":true},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13378957184660008"},"browser":{"first_run_finished":true,"shortcut_migration_version":"130.0.6723.134"},"check_updates_on_startup":{"enabled":true},"hardware_acceleration_mode_previous":true,"keep_app_up_to_date":{"enabled":true},"launch_browser_on_startup":{"enabled":true},"launch_browser_on_wake":{"enabled":true},"launch_dock_on_startup":{"enabled":true},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADd2f/C4BZaRI/ZD4dgnQmZEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAE
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                Entropy (8bit):0.5248916682165616
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:AB70274CE2091F5F22A7C0175CA934C2
                                                                                                                                                                                SHA1:8B6339373DA02EF440B2AF63A67FA93862480A51
                                                                                                                                                                                SHA-256:F913AAAEAA09F0E30F8BE0237837F6CC4ACE9280B28FAE2D0F9AEB40031D416A
                                                                                                                                                                                SHA-512:641C74ED464A8C4A9561BAE8C043DF0DCCBA6F86166BABA58B609C03127A34F2E9FDC9332A650A19236FE1623377239FE3154296994C3AE455AA6991021AB7DF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                Entropy (8bit):0.005655678470455652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A26782E6286229F35179E9113CA1E96B
                                                                                                                                                                                SHA1:21777022ACDBCE681AE67593735752EE9B190402
                                                                                                                                                                                SHA-256:511B8601565846AE7CC570CEE978C6308F74CA15C9269C1A1377D8526E97AECE
                                                                                                                                                                                SHA-512:6D1877B40A4A354E9A9F35A1454D2D0EE83E829AE0E7F2F1B9C348A165B791D752A65928E0400DAEFFD043F4A9FB90C77FF2DA3072149F882BC2394701C9A3AD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                Entropy (8bit):3.3041625260016576
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:96C2A60BC86A3BF4B44B157D3578F124
                                                                                                                                                                                SHA1:99F5EAD07FBD5D716821E58776681C31636C22E0
                                                                                                                                                                                SHA-256:014741659E5C26353F422AD66F9979E8F891A369BC912796053F1D4A628419E1
                                                                                                                                                                                SHA-512:00E994660E5A15431C5292865AE761388E6F0D133EAFAA61CCE4543EF7AA76A03E1AA1BDE0B6D8E66006322CB74E8C4C409ACE7E033045B0EA1E3280D507198E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:sdPC......................r..w.J.S..K..*
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):167109
                                                                                                                                                                                Entropy (8bit):5.081780452241832
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1475
                                                                                                                                                                                Entropy (8bit):4.370162913410539
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3F1363F1DA8EC9F490A6DBBEE39A4018
                                                                                                                                                                                SHA1:A51E2EAD51CE729F9C9B127A489B1BA5796F6798
                                                                                                                                                                                SHA-256:CEE16142C414FD8E8ED26624855AB06CC41244CFEC4DCE0B49ECE5E169F20758
                                                                                                                                                                                SHA-512:03AC1EA4FFA58AFD6CF13FBA4E35B6833426B8112F21625CBE3175D5B69A399EC7D9BE136FBF9013B26E755AE24E293FA814E6BE9FCDFCE594DD132E4C2E31C0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "checksum": "c4a2f0eb689f2a37f44d796728dd3a59",.. "roots": {.. "bookmark_bar": {.. "children": [ ],.. "date_added": "13378957185455016",.. "date_last_used": "0",.. "date_modified": "0",.. "guid": "0bc5d13f-2cba-5d74-951f-3f233fe6c908",.. "id": "1",.. "name": "Bookmarks bar",.. "type": "folder".. },.. "other": {.. "children": [ {.. "date_added": "13378957185566388",.. "date_last_used": "0",.. "guid": "f4a36f3a-a019-4d07-afaf-9f30247a48db",.. "id": "5",.. "meta_info": {.. "power_bookmark_meta": "".. },.. "name": "New Tab Search",.. "type": "url",.. "url": "https://onestart.ai/chr/newtab?iid=19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e".. } ],.. "date_added": "13378957185455021",.. "date_last_used": "0",.. "date_modified": "13378957185566388",.. "guid"
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10563
                                                                                                                                                                                Entropy (8bit):5.54145484416455
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:39DADFDDB43DB4BCBF567CDD20D3E6B8
                                                                                                                                                                                SHA1:D47863C1D476F71C08513FCFE0860A5BADD647F0
                                                                                                                                                                                SHA-256:681B3BE8883F7E1E31BBFBBF907510B3BF57C6D3A0EB7F0784ABA98FE8775488
                                                                                                                                                                                SHA-512:51F192BAA48A26E55AE7DB72526AF57F4A478C388FFBE65E83221C7363815BA4F26219E1BF5535A66B388568124133A54A31CB173F03E0E427DD9574DC01D794
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e&q={searchTerms}"],"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13378957188869968","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13378957188869968","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"","starter_pack_id":0,
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):167109
                                                                                                                                                                                Entropy (8bit):5.081780452241832
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):38
                                                                                                                                                                                Entropy (8bit):4.023471592049354
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3433CCF3E03FC35B634CD0627833B0AD
                                                                                                                                                                                SHA1:789A43382E88905D6EB739ADA3A8BA8C479EDE02
                                                                                                                                                                                SHA-256:F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
                                                                                                                                                                                SHA-512:21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..... 2a68348c2ca0c50ad315d43d90f5a986
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):6213
                                                                                                                                                                                Entropy (8bit):5.514923288115419
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2A760FBDF857372F869A144B347FDDE9
                                                                                                                                                                                SHA1:44F2F5360AA4E843BCB2FEE4B50C7CF796F15CA8
                                                                                                                                                                                SHA-256:34DAE33950C6AD4B7957E9D2EDBCF7EA797EC966FE17230962ECB0188D75DADE
                                                                                                                                                                                SHA-512:C4B5814CB8B79D3AD196FD647361F50317DDD7D5DAEA8A2611FBE7F32833767A5C4E2883A173BBDB0710AE8927E2A2E6CCA50FB47EC8A0AF0649075B52369C1A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e&q={searchTerms}"],"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13378957188869968","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13378957188869968","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"","starter_pack_id":0,
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10226
                                                                                                                                                                                Entropy (8bit):5.199359839600307
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:433A4FE9F0773F8FB165B4471F667FB8
                                                                                                                                                                                SHA1:0C47D1FFF4C5C2D874FF25B85C9365A84EAFE344
                                                                                                                                                                                SHA-256:1B64BBB437849572D5C8E396601C7F1642965FB361B06AFB613A6CDD0507B98A
                                                                                                                                                                                SHA-512:19AC66727623DEBC7866F092C261011AC0469414396C0B90955F9AC8B3445623D427CE3864C27473B3B418BB2CE47434C99CAF26B5AAEA9AB945DD153F3B2BF9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"NewTabPage":{"PrevNavigationTime":"13378957189421197"},"accessibility":{"captions":{"live_caption_language":"en-US"}},"account_tracker_service_last_update":"13378957186555570","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13378957185497911","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":130},"autofill":{"last_version_deduped":130},"browser":{"has_seen_welcome_page":false,"window_placement":{"bottom":1030,"left":10,"maximized":true,"right":955,"top":10,"work_area_bottom":1040,"work_area_left":0,"work_area_right":1920,"work_area_top":0}},"countryid_at_install":18242,"default_apps_install_state":3,"default_search_provider":{"guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc","synced_guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc"},"domain_diversity":{"last_reporting_timestamp":"13378957186555976"},"enterprise_profile_guid":"863db26f-9ba5-4d79-bd28-29fdce159e16","extensions":{"alerts":{"initialized":
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 5, database pages 13, cookie 0x8, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53248
                                                                                                                                                                                Entropy (8bit):0.39884443610815373
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C94F7E7ABFC9942BAE7098B53DEF6FEE
                                                                                                                                                                                SHA1:6D794AA9208322C25E8530F8CC19749BD21204E6
                                                                                                                                                                                SHA-256:20FB68D08674A2FA9FCB64A6CC6B299EF0112429EA96BEE5D48D883C0A7AEC2F
                                                                                                                                                                                SHA-512:413B32B89063541E92FBF42529D22EE6C0ACD03B365C7AC94916E1B5AF13AE121D6D6FC0478D4E44D8B8BC831310DEE3399B2B539A8F1409A19CC9E1CFF0C714
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:SQLite format 3
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1475
                                                                                                                                                                                Entropy (8bit):4.370162913410539
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3F1363F1DA8EC9F490A6DBBEE39A4018
                                                                                                                                                                                SHA1:A51E2EAD51CE729F9C9B127A489B1BA5796F6798
                                                                                                                                                                                SHA-256:CEE16142C414FD8E8ED26624855AB06CC41244CFEC4DCE0B49ECE5E169F20758
                                                                                                                                                                                SHA-512:03AC1EA4FFA58AFD6CF13FBA4E35B6833426B8112F21625CBE3175D5B69A399EC7D9BE136FBF9013B26E755AE24E293FA814E6BE9FCDFCE594DD132E4C2E31C0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "checksum": "c4a2f0eb689f2a37f44d796728dd3a59",.. "roots": {.. "bookmark_bar": {.. "children": [ ],.. "date_added": "13378957185455016",.. "date_last_used": "0",.. "date_modified": "0",.. "guid": "0bc5d13f-2cba-5d74-951f-3f233fe6c908",.. "id": "1",.. "name": "Bookmarks bar",.. "type": "folder".. },.. "other": {.. "children": [ {.. "date_added": "13378957185566388",.. "date_last_used": "0",.. "guid": "f4a36f3a-a019-4d07-afaf-9f30247a48db",.. "id": "5",.. "meta_info": {.. "power_bookmark_meta": "".. },.. "name": "New Tab Search",.. "type": "url",.. "url": "https://onestart.ai/chr/newtab?iid=19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e".. } ],.. "date_added": "13378957185455021",.. "date_last_used": "0",.. "date_modified": "13378957185566388",.. "guid"
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                Entropy (8bit):0.43777770140811567
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C2680B82D7A08A6421FA01F1BEAE4EAA
                                                                                                                                                                                SHA1:917CC6212FC90A3E922973E11218D73F10A5AAC3
                                                                                                                                                                                SHA-256:06AB381E06178F2A0062DB9B1D069ADF065C4FF00232426B8D70FA3AD7703A76
                                                                                                                                                                                SHA-512:A94BF1000F16F8699DEF86016BB7BA437D56EDDAA2BC816DDC8690B11F89383C767F6DA8B1CEF23D2CE0DD120FF8998E04ACEF1A6FBCEE55F68BD65594ECCB50
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:SQLite format 3
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):414
                                                                                                                                                                                Entropy (8bit):5.066562499504783
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE909613FA719DF5168845038BF17E1D
                                                                                                                                                                                SHA1:A662B146A2BEC6643BBDED26D3DA1ED99C0C273F
                                                                                                                                                                                SHA-256:B2D618DECA99D201C28B5A3F652297851DBC82FC8EF504D83B903610BE9E92B0
                                                                                                                                                                                SHA-512:D0E1D9F9DE88B7BB3C36EF8A0813665EDEC44C4B5624B0255E75247601E342C15EFB06C90111DADE880C497A2B47B4CBCD4F33BB7DD17E168929C0309CD8C8D8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "epochs": [ {.. "calculation_time": "13378957195806577",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "25D6781AA10348E001C11EEC456DE697D35106ACA4B80F864CA4164BDB7F8F2D",.. "next_scheduled_calculation_time": "13379561995806611"..}..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                Entropy (8bit):0.03550406069253737
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F735E8BB654C8318B28FC289BE8FD3E1
                                                                                                                                                                                SHA1:0037A5BC5C121E20391244DAA60C64B04BE30540
                                                                                                                                                                                SHA-256:E9204D7B2B9A88B3F4C0FEFC5836790A72EA5182F7CD7D9FCC534AFCEA5AFD34
                                                                                                                                                                                SHA-512:886C0313BFE5B8B1E61449D0768F61C1FF8E43B1D8779C8C7A0E45BE4A4337019246AB922ECC05A44D69127A41F8D017BBEB46EF75447AD5C3865513E50626DD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):0.03688339202665363
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:DF5661316B43AAB7C43AEDB8A496745F
                                                                                                                                                                                SHA1:7A39B503D62B93B82C3C872D8AFDB78984A6D992
                                                                                                                                                                                SHA-256:3A262DA83B709E30C722BA7D3EE9BAA5B9A5E4A1C16D790791FED87F10CF55EE
                                                                                                                                                                                SHA-512:7F21077B3BE7E3208D336E48B9EC608CDEE91FB6898D12C894BCAF0028B1DA570D26907538649E3F80F941801E2E2FE3B22D29A5337732302B74C2A53A41B539
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1056768
                                                                                                                                                                                Entropy (8bit):0.11682054667433588
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5CE950B7A811A63A30BEA8B68E131C7C
                                                                                                                                                                                SHA1:C5C36C122D5FB77B096B5C390B961A81510243B1
                                                                                                                                                                                SHA-256:E4FEF16913EB922FB21B531C6A52F7BD84D059E7E7233843BEF0C85CC7CA6E91
                                                                                                                                                                                SHA-512:39ADCC2841D1AA5A74127E59CF36DEC04E383B536F372D9595035352CF53A076152A47F4A2F920235F68C6089A8EEF085C67F95621C0E75207B1BA42F43179DA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4202496
                                                                                                                                                                                Entropy (8bit):0.056180421891261094
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9C56AD495E8C5F075C49F5164EE67678
                                                                                                                                                                                SHA1:D763DC22A5B9D4C43B81D59CA7F6543B75EC970B
                                                                                                                                                                                SHA-256:CF0927522399BEAEB9CFCD17A9D354249F6008F9D8102A43E4F95348425FA435
                                                                                                                                                                                SHA-512:0F683B62368EF7F47B6A0DD0288E0C63CEB5BF380D8088AF52BD1C5C694B26A60FE201DFA09700FAA6BF1F56EB1E2C39E40B870F513BD002053C9E83693C1E22
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:gzip compressed data, max speed, original size modulo 2^32 143189
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):27429
                                                                                                                                                                                Entropy (8bit):7.980332697984524
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2749599D0C760696078E0DD60CEAFB68
                                                                                                                                                                                SHA1:6DC1986B7DC4AC7085FE4DAD796A10ADBCAD2106
                                                                                                                                                                                SHA-256:B55B06AA049446C48B48F4C36C0588B290E292A12EAA394E6F4E9B95F6689152
                                                                                                                                                                                SHA-512:BE4E91A49B6C5FA34AC7276398E03CA53A4EAD76610A9EB00856CAA04210AEEE0B3FF909CB88FD8B2CBFA63F4B042E4EC63703B0CCA5453B29174D4DFBA78A0A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):524656
                                                                                                                                                                                Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:71E1878AC527B74455D14CBD914050EA
                                                                                                                                                                                SHA1:8FD2F7D168A5E78740821912DD5B520055B6C2DB
                                                                                                                                                                                SHA-256:06392727EF3EB01F091BF775A4A55E151ABDAAD17D54DFF8FD9D0C71DEE1822A
                                                                                                                                                                                SHA-512:B8FB2DF79C07C4842E19A5CDA1018A191EB98BD7D421528CA6EEC05C935B500CD7CFC74F00ACD2B47B14A671F8726941B6E2870E516C7DF9704E39F9BDD20180
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FF5FF52E77EC86112245CD03B7E9B244
                                                                                                                                                                                SHA1:1113A0191DD6A91D7C99E91BA583E5A790ECD0EF
                                                                                                                                                                                SHA-256:A309C5F1225B2CC4FEBE216085DF2EB8ECD28C850AE4956D484D58AD89711B0E
                                                                                                                                                                                SHA-512:32C9F297C26852B712E8AC94075C7BADC32C79C2F2F9724BBAD6B916545A0C94960788C2175EDCAE1134EFC5FFE0D9E886F191D86676CE7A5C44CD6179852BD0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(...v1O.oy retne..........................6../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FF5FF52E77EC86112245CD03B7E9B244
                                                                                                                                                                                SHA1:1113A0191DD6A91D7C99E91BA583E5A790ECD0EF
                                                                                                                                                                                SHA-256:A309C5F1225B2CC4FEBE216085DF2EB8ECD28C850AE4956D484D58AD89711B0E
                                                                                                                                                                                SHA-512:32C9F297C26852B712E8AC94075C7BADC32C79C2F2F9724BBAD6B916545A0C94960788C2175EDCAE1134EFC5FFE0D9E886F191D86676CE7A5C44CD6179852BD0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(...v1O.oy retne..........................6../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F36EA2E241C6E1F19EF44C6B4FF6515E
                                                                                                                                                                                SHA1:A0D6CF5910C4E05914618DE9F7F59EF588D349DE
                                                                                                                                                                                SHA-256:BACD53078269995DA9C6E1BB159541C32645B6EADFA95FAF043D4DB9A3BA63AC
                                                                                                                                                                                SHA-512:B84E5FCC968373BDD8F5F506689469A949EA499311DB5AF85AE564333B647B9BFD9835D1033F3A98AAAB392CA74F42D887C17C7CDB184D276F38339E62E2C074
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(...J..oy retne..........................6../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F36EA2E241C6E1F19EF44C6B4FF6515E
                                                                                                                                                                                SHA1:A0D6CF5910C4E05914618DE9F7F59EF588D349DE
                                                                                                                                                                                SHA-256:BACD53078269995DA9C6E1BB159541C32645B6EADFA95FAF043D4DB9A3BA63AC
                                                                                                                                                                                SHA-512:B84E5FCC968373BDD8F5F506689469A949EA499311DB5AF85AE564333B647B9BFD9835D1033F3A98AAAB392CA74F42D887C17C7CDB184D276F38339E62E2C074
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(...J..oy retne..........................6../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                Entropy (8bit):0.40972302069460326
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:6F3CD4B2AB21426EBBC40C2B0ACE6695
                                                                                                                                                                                SHA1:7F86ED617EB1346B426F974AE352ECCAF4A619EE
                                                                                                                                                                                SHA-256:3C55796960AE0B314542F3EA3ACA7F1672186BC67BE19167F90E366325DD0641
                                                                                                                                                                                SHA-512:EB2158EE44626E1D9E2059F17D92CC987579D206F10622A9B65590947030373414EDF244C5A81A35EAAD75170C7783E1EC70266A7B8D414CB08BCB4CACAD725D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:60DF0BB245E9D3E6724DFFA136830079
                                                                                                                                                                                SHA1:C159142932E839B36134BFFBD8F116ABE79FFAD8
                                                                                                                                                                                SHA-256:1E6D9341621A14F914587FCE18D55005DCD3F8F3ADDC5D1899C7EF75E72890F2
                                                                                                                                                                                SHA-512:F0297B24E4AB28F198871FCAE8A374856E310A7405F2B64FE2046F0A075884A20987B0AB6ABBEF7E9F0D4ADE75222747AFD006137A2FB03B03378DACA8D231A6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:1838F983C384866A5EE1C7E5AC260486
                                                                                                                                                                                SHA1:50156BCCD679524C4E9803ED6A1900FA22489DBD
                                                                                                                                                                                SHA-256:6758F21B0FB436BA054C03C0D5FFB8987B5ECE3219D85E2F9A9E57F2EE4E473B
                                                                                                                                                                                SHA-512:B72D6351669AA60115E3908A1AB732AF4960E4B23C8EFA463118E33027C190D9013C867BC1CC910AC62D5F9BE6229C0468DF4343BDF3ACC813E4ED8364A5D42C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):152
                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5649E96DCAC327DDE1B450B1C06A27D3
                                                                                                                                                                                SHA1:7AA5F9FB94F95F5977AE9BFA7A4957724FD66F19
                                                                                                                                                                                SHA-256:FBCBAF8740CB027FF6A147C013B6745071CF2A1FDE4450AB2A7A04FBC401F0C9
                                                                                                                                                                                SHA-512:0BF8D7E6582330D8C362C85EE0688F2A38D3768ECD6DDB9277EFFAA718B2B6C7FD82F665CECCEFD164C2921FE4EB30C43DFB7A3AB3A8FA4496E5B8F3F8DF10C3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                Entropy (8bit):5.14400915387725
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0FA91A638ABADC651D3C703005FEFE1F
                                                                                                                                                                                SHA1:67185082944C3DB3DB9F7FE67ED82F03AF81D3E5
                                                                                                                                                                                SHA-256:9A2ADFAE29CED24FBA0DF2FEB296E42760219A6EE1101A2BA4BD86363E9E9444
                                                                                                                                                                                SHA-512:44A741ED07317D15B4B2FBAD7B055780AAD81AC32A14923E4D7786676A245EEF5FD73494124DD9FA6BFF4BADDA9A2D257BFECF3334D78D3986E766A57DB1902B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:45.646 1e24 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Rules since it was missing..2024/12/17-19:59:46.063 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):76
                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CC4A8CFF19ABF3DD35D63CFF1503AA5F
                                                                                                                                                                                SHA1:52AF41B0D9C78AFCC8E308DB846C2B52A636BE38
                                                                                                                                                                                SHA-256:CC5DACF370F324B77B50DDDF5D995FD3C7B7A587CB2F55AC9F24C929D0CD531A
                                                                                                                                                                                SHA-512:0E9559CDA992AA2174A7465745884F73B96755008384D21A0685941ACF099C89C8203B13551DE72A87B8E23CDAAE3FA513BC700B38E1BF3B9026955D97920320
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5...............
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):299
                                                                                                                                                                                Entropy (8bit):5.124652607149496
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:DFE1F0D676188A68FEC431BEE031E413
                                                                                                                                                                                SHA1:4546E1A248AEB3A2FEF5ADCB97E39DE4FC1F39FC
                                                                                                                                                                                SHA-256:D69CEE2E1B0C00C8B5E2008ADA902BE6ABD9FA802E0407E48A69C7D83714EA8E
                                                                                                                                                                                SHA-512:18562FEAA99861769E5CF4C772018C26730D1BB5DDF6E8DA2477D333A65B6C625E128D3D9C3EB4EA396CB66CB3C206345F40FC971889C54B6DCF1B3A0D2C2D77
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:46.071 1e24 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Scripts since it was missing..2024/12/17-19:59:46.366 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):228
                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:AF1D95E1F9EB485393273B25446E1AE5
                                                                                                                                                                                SHA1:1D762C96B1C38BA6A849A5B76D12FAC636B8D780
                                                                                                                                                                                SHA-256:48D535BB330519C00D150578734C6CECB056C4B5CDD2A45C70590BC896D27D9F
                                                                                                                                                                                SHA-512:826D207EDD55401E1C13249350814ADBB3AB00A135C46B8DA8BB7267751C70580F183982CCCBC1E47BF3E3F433F20BA1D2F2AFD601FCB67B635C0E7429558165
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                Entropy (8bit):5.12570591573093
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:38FF9351DAA42705D8820C06B3A623E5
                                                                                                                                                                                SHA1:468BB7863C31D7227A83E765AEA656BD567729D2
                                                                                                                                                                                SHA-256:B0B069414AB068402DB35E749F8C09476FF14539410E2FD9E4E100D0AC6B3890
                                                                                                                                                                                SHA-512:53F27FE48841C2F793621144EBC0475E95779714723EDEFBE56346004455AB4517117E7FAC97344BE36272C45C77EF05B71349C454F6F10A4040DAA735479EA9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:46.565 1cd4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension State since it was missing..2024/12/17-19:59:47.016 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.6971789213866791
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:BABD43551F1B29EB82E221460676126A
                                                                                                                                                                                SHA1:E9BFF307613A14B35830893BDB6D1ECC931B425D
                                                                                                                                                                                SHA-256:46B5ECADA4EDB2585F87953F7847AEFC938BE2404B9D9455C772B97295B7B1CB
                                                                                                                                                                                SHA-512:5AB681C170DBD1D374BD66EDD02CBE21272819EF7389AD1E886BCBA112DEB91EB68FA930747986DA5CA794881939570013E38EDD9F8E6F718F7D202E74A82F41
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:SQLite format 3 ... indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):305
                                                                                                                                                                                Entropy (8bit):5.174557861462585
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:91250D6AF1EA169155E00F96B0E81E81
                                                                                                                                                                                SHA1:975005CA33BB7CC5CFC6037024494DADDF1932C0
                                                                                                                                                                                SHA-256:C9E82D8C535550679C8C82884B1071D7709C578D13608484C26F1A8875C7C3C0
                                                                                                                                                                                SHA-512:F845426EC82E7AA505CF3C5E3737AD972C878122EFC6B7C3CB894616244F920FE5F1B5FB31C6E672E198A6F1BADE6B065369EA5200A6350CEE4697847A123814
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:56.820 14e4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\GCM Store\Encryption since it was missing..2024/12/17-19:59:57.023 14e4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\GCM Store\Encryption/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E261BEB5C6751FFFBC95CC0F54BEC557
                                                                                                                                                                                SHA1:A8597B514657B96163514468AE67E2C24AAC6DEC
                                                                                                                                                                                SHA-256:28BC2AB1EB39F71E4A32FA13CEFDB2F58D2D211D20D582436732701173FF0F72
                                                                                                                                                                                SHA-512:A11490209FE097E474632802E50F716F5A97B5ECD1949FDCE64275267A6AD12EC5B710D271A21025B66C70F2D54E3B9DF1BF19A03375240F320C92CD54E427A1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):167109
                                                                                                                                                                                Entropy (8bit):5.081780452241832
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 40, cookie 0x21, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):163840
                                                                                                                                                                                Entropy (8bit):0.5406611253484088
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9B85A4B842B758BE395BC19ABA64799C
                                                                                                                                                                                SHA1:C32922B745C9CF827E080B09F410B4378560ACB3
                                                                                                                                                                                SHA-256:ECC8D7540D26E3C2C43589C761E94638FC5096AF874D7DF216E833B9599C673A
                                                                                                                                                                                SHA-512:FAD80745BB64406D8F2947C1E69817CFF57CC504D5A8CDCA9E22DA50402D27D005988F6759EAA91F1F7616D250772C9F5E4EC2F98CE7264501DD4F436D1665F0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                Entropy (8bit):0.2189355459462149
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:1AD81991D9A00FEE40D103994BA52352
                                                                                                                                                                                SHA1:D7F0FE264175FCCC276B33A47253BB7F5D35C326
                                                                                                                                                                                SHA-256:97541BD79E0273FB9F72C944DFA62AC9987422A2F3E92B256B13E22A54498CEB
                                                                                                                                                                                SHA-512:ECD2A9B06F580E6A71EFDC898F93AA9608DC0DBEC38E207E5ABEE1B768820F35CED7A425C5AD1E3A9427A983062D2BACB01E7F6BAB6743CF8F67ABE5E0D42569
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.0905602561507182
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B9263BBF24428AACA95D04D04F3AEB6F
                                                                                                                                                                                SHA1:5346015345F6DF766DF4BC9B42DA076F6FDD440F
                                                                                                                                                                                SHA-256:1FE8F6113488865C546D2FAA55B21482662CE4BE19D4F505EEEFA09BC3131489
                                                                                                                                                                                SHA-512:5BC2978BC96E1347500DB552E2A2DFD9E5DF25C8E16D3AB57E5519DE43CB9C08F5AEEFD1A6F6947D7FA253505918763B932F622636FC2A7A429FA72A5B49C7CC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite Rollback Journal
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.28499812076190567
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E5B6407B0F7414D5D6A0C787563337F2
                                                                                                                                                                                SHA1:2F74E1C4492D377FB2FC28190F702061C187AD64
                                                                                                                                                                                SHA-256:A0913B50AEA425B2C65280DC97916861BB28B2083E0462F9E8E647BB7A363A61
                                                                                                                                                                                SHA-512:679BB340791DE4379284D7CB0FA7122548D371515FE41A2BBAA3EA10D02592A5F0CF54F67EF2C838C60E2D173BD91737714CC729B9F78FD6D4FB7D1A25DA58F5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):173072
                                                                                                                                                                                Entropy (8bit):2.1820463557172447
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:7DAE8987FED6E97787AD1ED261BB09BF
                                                                                                                                                                                SHA1:0E2D000BD89102C842E4CBD267A307598877F886
                                                                                                                                                                                SHA-256:28E5B5A2CEAD3F277C390E9CF11657832292DD27D1702815B4CD35CD7E6E77D3
                                                                                                                                                                                SHA-512:1F7F7A099D9E04EE74CE74FBF59F69076BB97D09B526E3A0877C1B3E604705E77DBCB9A5AB48E8A77160B2A438DEA5BC8872A603588A3F1EBB3E2683FCE84B9E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):379
                                                                                                                                                                                Entropy (8bit):5.24278449348679
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:68E1F12E97F0E5ECBA97F4979028F85B
                                                                                                                                                                                SHA1:45708BE1F760A9EF2B6E4CC8B9223571DD0D0BA1
                                                                                                                                                                                SHA-256:18279C4800693B2D1688FF87DB76A7ECB6885835085F028FEC8F0F4EC4698325
                                                                                                                                                                                SHA-512:4E7D3D009C2CA2C94BFA02FB8AB423D8495B1989962B66E6B0BB55B47FFBC1DE17E5EC5BFF5F6A09F98F1D6281F626B8098F792F69CF995149F30F4107D551E7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:58.102 1cd4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Extension Settings\memhbiihnoblfombkckdfmemihcnlihc since it was missing..2024/12/17-19:59:58.267 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Extension Settings\memhbiihnoblfombkckdfmemihcnlihc/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):307
                                                                                                                                                                                Entropy (8bit):5.167663733262074
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:7D47B3474AADFE54CA2BB2EA25236B6F
                                                                                                                                                                                SHA1:5B1D0BFAC166219E6BE181C7F9A51C3A7056CC6F
                                                                                                                                                                                SHA-256:DBB070BA76A4C0E43AF3C606182457A33F58D7194C4B2706E6D29A591E48E70E
                                                                                                                                                                                SHA-512:444726D143323647C7C43E97DC732222F9DFE8BF70A4E9B2571D77138F3072D7E3EE3DA93C2DD7BF664B6DAC12434861BC1EAD5723DEC48A50F3BAE02BD4B660
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:45.957 1a18 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Storage\leveldb since it was missing..2024/12/17-19:59:46.427 1a18 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                Entropy (8bit):0.8620707756645608
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:DFD4F60ADC85FC874327517EFED62FF7
                                                                                                                                                                                SHA1:F97489AFB75BFD5EE52892F37383FBC85AA14A69
                                                                                                                                                                                SHA-256:C007DA2E5FD780008F28336940B427C3BFD509C72A40BFB7759592149FF3606E
                                                                                                                                                                                SHA-512:D76F75B1B5B23AA4F87C53CE44C3D3B7E41A44401E53D89F05A114600EA3DCD8BEDA9CA1977B489AC6EA5586CF26E47396E92D4796C370E89FAB0AA76F38F3C4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                Entropy (8bit):0.8620707756645608
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:DFD4F60ADC85FC874327517EFED62FF7
                                                                                                                                                                                SHA1:F97489AFB75BFD5EE52892F37383FBC85AA14A69
                                                                                                                                                                                SHA-256:C007DA2E5FD780008F28336940B427C3BFD509C72A40BFB7759592149FF3606E
                                                                                                                                                                                SHA-512:D76F75B1B5B23AA4F87C53CE44C3D3B7E41A44401E53D89F05A114600EA3DCD8BEDA9CA1977B489AC6EA5586CF26E47396E92D4796C370E89FAB0AA76F38F3C4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                Entropy (8bit):0.4028030029546618
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0B7DFE23FF1EC5FC89AEDDAD1F0C6602
                                                                                                                                                                                SHA1:441670D308D07B948A197051F5C6E0DBE4813916
                                                                                                                                                                                SHA-256:23E922DB393564D971769505239DD2159730535C596831FD3A85B3ADC01A2871
                                                                                                                                                                                SHA-512:59446510D127B9B09E9CFDF541E030EED4CE265242A10EF0B6FD09A6917BB9B8FDA2EF601EE686078664CD11729612CF271F02CEB05049989DB2AE3525C186D7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.8466322921433865
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FFFD095F8B37C7AA7834D525221ACC78
                                                                                                                                                                                SHA1:2F7A997AF37DFF092E7B1A180039A78F6014E5A2
                                                                                                                                                                                SHA-256:E2D1835323A4CABA43AF86178BAF6D6FC7A247A4F12A7A611E03F76A9764F49F
                                                                                                                                                                                SHA-512:475970D89659CFED02D23D32ADA628455E54F02A5478356E71AB378CA323A92FF4E0D87CA86BD75EAC3340E3DFCE9B92CA75B5C339CB995F4A5DC62C8F2633A0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                Entropy (8bit):0.6942065878125493
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9508159B34FBA35E8BA0C217580C133D
                                                                                                                                                                                SHA1:6057CAF78D35FDBDFC95C7182EA0D34ADF88B652
                                                                                                                                                                                SHA-256:51E0624F5B6606FAF0E6D93D6834B7DFB7ECAB8B823D77D0BAB17FB4890D8966
                                                                                                                                                                                SHA-512:FE8D19C4C2AFE65924AA9A2EB8C28BA46B73D283C80DCF131459675D314C14A16604C9D5AFC9DE4A21805756ABE02E64E4A5872DB9D790D11186F8123E12301E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:[]
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:[]
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):189
                                                                                                                                                                                Entropy (8bit):5.425270099826863
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70DC10AEB416964B87F9521517E8BA1F
                                                                                                                                                                                SHA1:0AE4ABD8E470DAA4CAF3B40301782E361851E0B0
                                                                                                                                                                                SHA-256:DE6AD05E01242247C05DA96999551DA23EA86C2CD8A810FFA4B9C36C364056D8
                                                                                                                                                                                SHA-512:3A37C5C3D7A28B331123E2D603308AD845727D43AA46715E48E2D9B12C5C39276BBEC18FA7F12A963F99F98BFAFFD13C1E17B05E87863B95F522169CBAAE9A07
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"sts":[{"expiry":1766019594.409141,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1734483594.409143}],"version":2}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                Entropy (8bit):0.3649935337037638
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:4203ABA60FD9DE5B4232FC624DB3F817
                                                                                                                                                                                SHA1:1F07DFC552D6B509C83C36CB05986007CE29E250
                                                                                                                                                                                SHA-256:19E1E0D60DC0A70455014FEC98B5E4B73E93A80651600368745AB0D4A49C9529
                                                                                                                                                                                SHA-512:6240F8EF505E093F0EA99306ADFA90969B3DE094CDE08B61076BD2C737763C0815108F532EC17E766FE15F9B1BCB9D82096F799EF04D50C3CE2305D8247BFEB1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):189
                                                                                                                                                                                Entropy (8bit):5.425270099826863
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70DC10AEB416964B87F9521517E8BA1F
                                                                                                                                                                                SHA1:0AE4ABD8E470DAA4CAF3B40301782E361851E0B0
                                                                                                                                                                                SHA-256:DE6AD05E01242247C05DA96999551DA23EA86C2CD8A810FFA4B9C36C364056D8
                                                                                                                                                                                SHA-512:3A37C5C3D7A28B331123E2D603308AD845727D43AA46715E48E2D9B12C5C39276BBEC18FA7F12A963F99F98BFAFFD13C1E17B05E87863B95F522169CBAAE9A07
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"sts":[{"expiry":1766019594.409141,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1734483594.409143}],"version":2}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:[]
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2119
                                                                                                                                                                                Entropy (8bit):4.7877506659692015
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:4C374C95BE74627E47826B5A01FAD7B9
                                                                                                                                                                                SHA1:B7F916A40394024CED17B6CD2A3FB1879A84FEFE
                                                                                                                                                                                SHA-256:7EECE1FCC74700D2F7E3AC251590C070C3859A84700CA0B885206374B2322BDD
                                                                                                                                                                                SHA-512:C1694FB7F81497F59627FC980FA5C780EDA0647AAF6140961659B149D536D0CDB5F21898F470CDE380E49B3E38E2AFB1E50C7756053A37E79C31C0DF46CFB523
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "protection": {.. "macs": {.. "browser": {.. "show_home_button": "904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD".. },.. "default_search_provider_data": {.. "template_url_data": "575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816".. },.. "enterprise_signin": {.. "policy_recovery_token": "7D3124ECAF7E96407EB65EAF5A43B02C7EE5F2D4A9FA38A9F371F9E1B74D6383".. },.. "google": {.. "services": {.. "account_id": "E5B4CD7C5FA271A47D07D462465AFD63DBF6A8CDFAFEF4839D13F8F552131486",.. "last_signed_in_username": "82DB8D884695C643C31778B7B50DBB376848E2F81B5A1AECDA34FD448CECD10D",.. "last_username": "24FCEF9BF7DF12A2935BE143E58951E09DBAA1D3E0E24430C0FF93009F5D6AFD".. }.. },.. "homepage": "B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E",.. "homepage_is_newtabpage": "368
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                Entropy (8bit):4.051821770808046
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.34918676921052166
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:ACF6736F1860F509DF093FDEF82F3163
                                                                                                                                                                                SHA1:8004B1692C2638C36BF7422A3D502830B54132C0
                                                                                                                                                                                SHA-256:1995D295FBDC4A993462B46676932EC3E0E9C8E9F3079F71D64A6D080FA677A0
                                                                                                                                                                                SHA-512:D85678F7E101EF11A5066C202A0D4AE524B3697E2D8B5B0DC1AD46710BE9D36300F4AE9C3F3E7854DECCACC1C23798485363422E29F7331CF46F3BE8C8B08923
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.6122081297903206
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FEBE8B30C72B9ED5786AE265EBAF844A
                                                                                                                                                                                SHA1:010452344E00FCF8609B9DF083803311EFE683E9
                                                                                                                                                                                SHA-256:72D049174F8BB874A5DB67735CE76CAB400F25A72391EC557EF2720785B4C4AC
                                                                                                                                                                                SHA-512:01863FD726D2BB344F368673A31DF809A58C810940200A8CF02D1BE09CE92F1D097419FFFABBADA9651D2977948111E0916E2012D92974F96CE7C942EF01732E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):6213
                                                                                                                                                                                Entropy (8bit):5.514923288115419
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2A760FBDF857372F869A144B347FDDE9
                                                                                                                                                                                SHA1:44F2F5360AA4E843BCB2FEE4B50C7CF796F15CA8
                                                                                                                                                                                SHA-256:34DAE33950C6AD4B7957E9D2EDBCF7EA797EC966FE17230962ECB0188D75DADE
                                                                                                                                                                                SHA-512:C4B5814CB8B79D3AD196FD647361F50317DDD7D5DAEA8A2611FBE7F32833767A5C4E2883A173BBDB0710AE8927E2A2E6CCA50FB47EC8A0AF0649075B52369C1A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=19c85f07-ac1c-4aa1-937c-fa9e7f45dd6e&q={searchTerms}"],"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13378957188869968","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13378957188869968","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"","starter_pack_id":0,
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2017
                                                                                                                                                                                Entropy (8bit):5.813938348763485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:76D0D9C5E52B6ECD771B68484E3856AB
                                                                                                                                                                                SHA1:2C876DB216C9C82E60E3CBAE4226F79E22E0567A
                                                                                                                                                                                SHA-256:50896CB2AD27C6A2A810F8D564E02511A23A95DDFA55EBC00DD0053750199B46
                                                                                                                                                                                SHA-512:B779A8293341D988407630E715634CFE06B8C405AF198FD5F466C0E518A76195D04D83B7EDAD04587D895CB3CC56EB9C28275F1FD1C2D7C1CE3F079469971822
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.}~..................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.KINITDATA_UNIQUE_ORIGIN:chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/..:REG:chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.0.....4chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.Dchrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.js .(.0.8.....@...Z.b.....trueh.h..h..h..p.x..............................REGID_TO_ORIGIN:04chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/..RES:0.0.....Dchrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.js...."@32048DD2666412A087C9C4DDF11DBE2CC6BEC6AC302717DF9165ED90AF30A6A0..URES:0..PRES:0b...................:REG:chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.0.....4chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.Dchrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.js .(.0.8.....@...Z.b.....trueh.h..h..h..p.x........
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):311
                                                                                                                                                                                Entropy (8bit):5.120062267196642
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B3E9298B4238E952986D33F3A49AC2EF
                                                                                                                                                                                SHA1:DBE61740F3BEC434A82EBBE0726D02EA5EB8CB64
                                                                                                                                                                                SHA-256:0E88CC05D3F2BA2EF96F1364E328C42AC54436263E8D1675338F22AF2EC74F64
                                                                                                                                                                                SHA-512:1673A851667D27A451749CAC4F34A4C3000CEFE8498C295EB780914042260C7912B5F03D196F8388E55169C0E13EC6980CF0E78C1CE6511657362A18CA9EA88F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:57.930 1e24 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\Database since it was missing..2024/12/17-19:59:58.052 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):35064
                                                                                                                                                                                Entropy (8bit):4.9245206775057735
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE1DC35A555665DDD16A2B7C4FD3A860
                                                                                                                                                                                SHA1:0D2F923A337C9295AD66EC8CE0804738BC9124A0
                                                                                                                                                                                SHA-256:C6FF03528EB8533EE7DEF37F23F77B8ED5CF4F841639F6750C303ABDC7324CEF
                                                                                                                                                                                SHA-512:DBAB54F827F542D24DF78455AF9D2C4D2DDAEF2878DF03E6F896947BF7DD439E3004C7AE30A9B689BBD0F3BA41062F0B1699C1C7FC974CD30F00D65EF6CCEA00
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..........rSG.....0/******/ (() => { // webpackBootstrap./******/ ."use strict";./******/ .var __webpack_modules__ = ({../***/ 700:./***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {...// EXPORTS.__webpack_require__.d(__webpack_exports__, {. A: () => (/* binding */ Ads).});..// EXTERNAL MODULE: ./src/background/user.ts.var user = __webpack_require__(223);.// EXTERNAL MODULE: ./src/common/tabs.ts.var tabs = __webpack_require__(655);.// EXTERNAL MODULE: ./src/common/messages.ts.var messages = __webpack_require__(95);.;// CONCATENATED MODULE: ./src/background/spotlight.ts..const showSpotlight = async (adData, tabId)=>{. const tab = await (0,tabs/* getTab */.i)(tabId);. const tabWidth = tab.width ?? 0;. const tabHeight = tab.height ?? 0;. // Spotlight unit can fit into the screen. if (tabWidth <= adData.width || tabHeight <= adData.height) {. return;. }. // Tab is in focus. if (!tab.active) {. return;. }. await
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41953
                                                                                                                                                                                Entropy (8bit):5.960290228692878
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D3EBECF3CB70BC4F7D18EABB83BA0375
                                                                                                                                                                                SHA1:8D7161ACE08DAF504B7069299BB25570CAC033C9
                                                                                                                                                                                SHA-256:4A6ED2679D6089352438BE6CA7FBD41567DED944787055F837234F34201ADBA1
                                                                                                                                                                                SHA-512:1CB784C4D52E53EA4C132597CB64D9D9FE8E160D83530263CE0927A87807C1E993B9B38F1C70C42F15C80CA937231B99AF1E2341D5A6E6AFB0CC1488A5F68A12
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..........rSG.....0....{..C........l.....bw.......V0c.`.............0T..4...`............`.... .). ...}.`.....0T....`<.........`.... . .<.`.....<Sddp................... Rf.......__webpack_modules__..$Rg..._....__webpack_module_cache__. Rf.W".....__webpack_require__.b............I`....D.0T..h..`z........4`.... . ...`.......g.....b...............g....b............r8................1..../...........7...........1.../.........._..../.......`.....(Sd.qA.........L........,`....D. ....d..........0..........H......PQ.L.'..D...chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.jsa........Db............D`........i.`............0T......`...........``.... .). .`.}.`,....xSddpW.............$M....RbR^.,....user..Rb..}.....tabs..Rc........messages..Re.J.?....showSpotlight.....Re...'....common_static.....Rd~.......REQUEST_URL...Rd"?.p....AD_FILL_URL...Re.Y.u....CONVERSION_URL... Rf&.M.....MAX_KEYWORDS_LENGTH...Rb6......Ads.i..........................................Rb........7
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):18439
                                                                                                                                                                                Entropy (8bit):4.131306200255055
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C25163E9493D9392678F82FC64E003EA
                                                                                                                                                                                SHA1:6902E30FA56304A29038170DA4DACD7FCC823FAE
                                                                                                                                                                                SHA-256:2CFDBD3E31C4B40A0DD5E87C450495CFFC145F45154F11FE2C66467BF4B2D85E
                                                                                                                                                                                SHA-512:E0C32381A7B74B470FE96E1EF4B29F25996E7B391DE7FAE0AA4E70E224A6B6909D1CF19E49BEA80E4EB2C1E28DAD7DE4081FCE27D259A2A4D19EDB34D40C8ECA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..........V.......1/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..// UNUSED EXPORTS: C1_Offer_Key, checkIfExtensionInstall, default..;// CONCATENATED MODULE: ./src/common/messages.ts.const openShadTab = 'open-shad-tab';.const notif_frame_id = 'notf_' + chrome.runtime.id;.const c1_ext_id = 'nenlahapcbofgnanklpelkaejcehkggg';.const os_coupon_ext_id = 'npimbikeicamplnnndojgkmfdejbpbin';.const close_ls_id = 'ls_close';..;// CONCATENATED MODULE: ./src/common/utils.ts.const isValidUrl = (url)=>{. try {. return !!new URL(url);. } catch {. return false;. }.};.const inQueue = (fn)=>{. const promises = [];. return (...args)=>{. const promise = Promise.all(promises).then(()=>fn(...args));. promises.push(promise);. return promise;. };.};.function wrapInPromise(wrapper) {. return new Promise((resolve, reject)=>wrapper((result)=>{. if (chrome.runtime.lastError) {. re
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20065
                                                                                                                                                                                Entropy (8bit):6.171897526630667
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:59CC6087E03A94E563A4E8EBD79F8C5F
                                                                                                                                                                                SHA1:981E911CFF2E40A12C36F4744B6973BE1B306616
                                                                                                                                                                                SHA-256:4CE14B35C70B154F1814BB594711874EFA0B3007ECD0D37FEDC8EAD171E770C5
                                                                                                                                                                                SHA-512:225C6041F46C62DFED8C0FD6EBEFF7245EAE089E2A0C8B6147B47CAA820BBA32A688BC0A95FBC236A5D9AF0B4DD1162958EAFAF8CA091462C8F746005C1A1772
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):96
                                                                                                                                                                                Entropy (8bit):3.60498125036058
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:05C19E96BF113F0139B727F78F9AA730
                                                                                                                                                                                SHA1:F97204AC91FAE6474E02FB38CB7900CF028FB3FA
                                                                                                                                                                                SHA-256:576850E1045E94CF92214CB0C9999C6FE5B024EDCDE00C9D02E4B91177C92695
                                                                                                                                                                                SHA-512:F1E84FD7D29DFFDA954B5D3011C21B015C174382649569D0BE862D312F5DBCD6FF930E4021CB988E975C058756543BE4C1BC94FAB17E3186FC4A71A7A608C097
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:X...|D..oy retne........................5j.+y..L<................X....,<........-.......M7../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):189
                                                                                                                                                                                Entropy (8bit):4.951615393585565
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:94749CA9DCAE6161E992CC741F20C3AB
                                                                                                                                                                                SHA1:10531970846BD8B06F74693EB726A54206E321B9
                                                                                                                                                                                SHA-256:0A8036D7CCC425C39CE0FFE8685C6A54817164891334E84D004F4ADF07F650A2
                                                                                                                                                                                SHA-512:D64A3BE6D51AFF5CA96C5EFBA9B4DF38D8B2D4F2C59A99C8DC799A8304509EEFB0F4B4925EF6BF1E8F6CA220A9398595E6741211829B5695E4C7AC4120C5F15D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f...............#..{y................next-map-id.1.Znamespace-b0a02384_cd90_4ef6_bee4_fa19d8a4db07-https://onestart.ai/^0chrome://new-tab-page.0
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                Entropy (8bit):5.075059066142816
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F2B81A74239C40FFE732698873881A99
                                                                                                                                                                                SHA1:6A2317C5DB962B9530F8374272814492D474AABB
                                                                                                                                                                                SHA-256:725F9E291CC67DEDA0B5DBD52772D649F98785002F16D3DF917DF9705118A83E
                                                                                                                                                                                SHA-512:837C6028B38BCD1F8A0A2B71D0C88E44D8BCB7BED568392CE407AAF2726B9A9A1770FF18B26371905D104CF06FBD9A6F925CDEE2E0E3FE1415CC9992B381263C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:48.878 1a18 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Session Storage since it was missing..2024/12/17-19:59:49.025 1a18 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Session Storage/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5836
                                                                                                                                                                                Entropy (8bit):2.9831664533656435
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FB5F9914265ED87E5077200F16B67A61
                                                                                                                                                                                SHA1:E2766ACAB0930EE60B0732982272C3649F62D89E
                                                                                                                                                                                SHA-256:AD1926EA2F041B1D09EFA42F048EA7FDCC3DE6AF9E530A14E84BA1DE9518C193
                                                                                                                                                                                SHA-512:F5D6E2F24A4244F7D56D008D658EB8F1388E30F9E8F8C016436A492A763FC057F343A92BADFB6510D9A04FEC81DC65191E78361BDCB7E222E0C737E81C170A7E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:SNSS........$.x............$.x............$.x............$.x...... .$.x........$.x........$.x....!...$.x................................$.x.$.x1..,....$.x$...b0a02384_cd90_4ef6_bee4_fa19d8a4db07....$.x........$.x....G..6../.....$.x....$.x....................5..0....$.x&...{96ADBEFA-1A51-4766-B187-DD7038AF7169}.... .$.x........$.x........................$.x............$.x........chrome://newtab/....N.e.w. .T.a.b...d...`...!...X.....................................................................................................P.)....P.)..................................h...............................................4.......c.h.r.o.m.e.:././.n.e.w.-.t.a.b.-.p.a.g.e./.....................................8.......0.......8....................................................................... .......................................................P...$...7.c.1.f.c.b.2.f.-.9.d.2.1.-.4.5.8.6.-.a.b.7.9.-.6.9.0.2.1.a.3.3.5.2.5.c.................P...$...5.b.8.e.e.7.c.a.-.a.f.2.d.-.4.f.9.9.-.9
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9B0482523F768839D85DBA8E4DD4408E
                                                                                                                                                                                SHA1:68ED064A3AFFE7408AB915E5816E9AD4C71D87C4
                                                                                                                                                                                SHA-256:48BCABF5CFD331154778D852859DCE0219996C6103C97145F52A99E61CF291C3
                                                                                                                                                                                SHA-512:F0FE8725CC741A2D5B2C04EA99882400BEE9E69BAE0798A39FD24B41739CEAB47E3D3F36D288A256065BBF6AEAC806269CFF7278EA47396C077D5EE364E9154A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(.....-.oy retne........................N..6../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9B0482523F768839D85DBA8E4DD4408E
                                                                                                                                                                                SHA1:68ED064A3AFFE7408AB915E5816E9AD4C71D87C4
                                                                                                                                                                                SHA-256:48BCABF5CFD331154778D852859DCE0219996C6103C97145F52A99E61CF291C3
                                                                                                                                                                                SHA-512:F0FE8725CC741A2D5B2C04EA99882400BEE9E69BAE0798A39FD24B41739CEAB47E3D3F36D288A256065BBF6AEAC806269CFF7278EA47396C077D5EE364E9154A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(.....-.oy retne........................N..6../.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 11, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                Entropy (8bit):0.429182492880771
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B581F0FF8F8AA3371AE47B48C95329E8
                                                                                                                                                                                SHA1:4F588EFADF3675F3526CBE762C50EB8E79D9F2E5
                                                                                                                                                                                SHA-256:F8E7CD835195E4EFF7855D20676484CA75F7E7E4FE5B13164FC926B365E1DEA0
                                                                                                                                                                                SHA-512:E0A79452ACB39838AFEA8CE34E05C7E5CDE68F2A786FE4423DDF2588FC6047339E8E4C3140D7E0447F938B2266F52B9DDBDCC0F40C495D833B47B3F27D7996DE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                Entropy (8bit):0.0905602561507182
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B9263BBF24428AACA95D04D04F3AEB6F
                                                                                                                                                                                SHA1:5346015345F6DF766DF4BC9B42DA076F6FDD440F
                                                                                                                                                                                SHA-256:1FE8F6113488865C546D2FAA55B21482662CE4BE19D4F505EEEFA09BC3131489
                                                                                                                                                                                SHA-512:5BC2978BC96E1347500DB552E2A2DFD9E5DF25C8E16D3AB57E5519DE43CB9C08F5AEEFD1A6F6947D7FA253505918763B932F622636FC2A7A429FA72A5B49C7CC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite Rollback Journal
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.28499812076190567
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:11026B409AFFDE36C202E91551862751
                                                                                                                                                                                SHA1:74D7F26BFDAF842374F29140097D846687DF0D17
                                                                                                                                                                                SHA-256:648EF66BEA696897401C4A023B918E67443986D92BC4C90997DF56FA36F31076
                                                                                                                                                                                SHA-512:62A61E6FB5A1BBC7DA0CEFD2A460FAB96C4C4649EEDB769BDBDCDE76CB59AE9693179AA2B9B2B5599F4B2FA605CC9FB05E4223440DAA7CD1825F8E1ACEE6123F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.43554809000133937
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C135AEDA0EEFFC53BBF903913C861F3E
                                                                                                                                                                                SHA1:C294F21924C0EED4AA1527F8CE867C96833EE834
                                                                                                                                                                                SHA-256:FF1398EDCFA0EA35375AFA95CD25BC086AF7CE25CBA4A85318EEBD1252E29B4F
                                                                                                                                                                                SHA-512:F72555FD484139DD4B59281375CCBF109C8196635F5E08E574E89D137E42886C1B62F4F8D3318963A469725FAAE42C7D64D47DCB41210833383E978D611DC87E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                Entropy (8bit):3.473726825238924
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.On.!................database_metadata.1
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):323
                                                                                                                                                                                Entropy (8bit):5.0488799238090944
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9466E1B4E9E1F251DEF956118A206056
                                                                                                                                                                                SHA1:C4213EEDF1F756964AFB624E38A67315C386AF25
                                                                                                                                                                                SHA-256:1C7EF80131610FF31BF471A941F47E9DDB1E419B2E6B4B752C4FB1123C919090
                                                                                                                                                                                SHA-512:15C5AAE45FADC25CD85B2C112B0BC91A2F59C574F52199C6B635BD41E9EEB333852D8754EE6FDD51B47EDECB5B10EDF7546020582DC60561144641D2523FF010
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:45.498 1cd4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Site Characteristics Database since it was missing..2024/12/17-19:59:45.962 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65
                                                                                                                                                                                Entropy (8bit):3.8214220438289908
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B14764CD1BC1AA64A1F0551CD3682B81
                                                                                                                                                                                SHA1:21FE0B213419AD4EFA4EA03B856F8DA1B3AE9351
                                                                                                                                                                                SHA-256:8FF00D859349A3EA206706CDD3FA2762AE7C8EFE2FDD33A95A72FEE45AAC6BC4
                                                                                                                                                                                SHA-512:86B372FE41C4C2A8E75B5E3CB8979425CA07E6CF0142EF88959C8FD3C35890D8ECA2B83E77BF19CB19900B1C4C296D94ABCA81C135F1D40329C4E3470BDC302A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...n'................_mts_schema_descriptor.....F................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):299
                                                                                                                                                                                Entropy (8bit):5.156506345484774
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:39DD008660005F1C8FFF124DF1C12311
                                                                                                                                                                                SHA1:E0DA2198B5C0D57CB4FF0D2E947D4F991B02A8D8
                                                                                                                                                                                SHA-256:36602D9CAD4A68766AC0FED6C2EB069D8B734BBFDE8FCBE506BD913857E042F8
                                                                                                                                                                                SHA-512:A68F0A5391FA8C517767504967C39B2100E3C3A09F6140D3785FB4C76BE69A271ABC46632E12B16176B9BF4ADDE0D92669B351D0A29DAF0430AA822D9DE87E34
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:45.455 1fb4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Sync Data\LevelDB since it was missing..2024/12/17-19:59:45.795 1fb4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.3717863997943488
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D9F0B0474A300A011F68B46397F7D5A5
                                                                                                                                                                                SHA1:D4310A12F754EF1D88B0B2187A291783DB2673FC
                                                                                                                                                                                SHA-256:2B46A91579A5018DBA7CE0BA48922E2F2E4632DBC4C890180728656955431570
                                                                                                                                                                                SHA-512:E443D1FA73BDC802C29BE024E2389524C84D3639D404582C35BD7C6BE1AE71B5D172BF86A17DABFE76BCB221A878EF023D571D44CCB521D70B64F752168D83A1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):131072
                                                                                                                                                                                Entropy (8bit):0.011057894699524604
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CB3CA16CCC74DE87D65904EAD7BF0033
                                                                                                                                                                                SHA1:10A47343410CC3F4535B46A407989F4477838DAC
                                                                                                                                                                                SHA-256:C0CAADC1148C4C0373A57D3E93DECA1E9C4C1512DCF67CFF3BD4D17392699128
                                                                                                                                                                                SHA-512:52A7304C5FECDC41EFA59CAC86385D55CE41B873C22FD58AA53FF9E9EEF5E6296B83723FF9F86A9C214DA2CC21AD1CF9EC3ACBF02253D76E7C5FE3C02ADFAEB5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:VLnk.....?.......I..&.JL
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 3, database pages 59, cookie 0x25, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):120832
                                                                                                                                                                                Entropy (8bit):1.1468728340629148
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3EAE3E414CBE2DC4EA865C7B55B15BAC
                                                                                                                                                                                SHA1:10EA6652177E13B6A32822CA4002AFA18794BCB8
                                                                                                                                                                                SHA-256:F0CFA652059532A117FD1DD6B50CD1888A47065B6438578EEB83BF21DF732053
                                                                                                                                                                                SHA-512:4EE8B573B5CA866574FBDE703465A6EF34D95FC362F126B12BF554389FCB15BDB7436791F233354FDAD9429815B595EF4CDB535EF0EE02429369CF9CF5EAFDCF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                Entropy (8bit):0.561887280795302
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:7A4F9F65F2A7A3CAE94DA92720803161
                                                                                                                                                                                SHA1:D09CBB157C4654DA66C22B0DB74B3B741DBAF0BC
                                                                                                                                                                                SHA-256:AC2BD6B128890AA6F4515B3115D80F9A45BE918E38D8562DA57DD4A0940407EF
                                                                                                                                                                                SHA-512:CA6A9B71075B9A8C006AB5A64A49F68CD85C970025F139D492B78CAA34A72FF9709C89AC00092D58E4D4E34F4D8365A0BCCE4072DC9525439EC2BB2AFE1BECFC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):167109
                                                                                                                                                                                Entropy (8bit):5.081780452241832
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10487
                                                                                                                                                                                Entropy (8bit):5.203245211437841
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:851A0C202E09927D3C1FE47D4D9F7EF2
                                                                                                                                                                                SHA1:81EE7590C4CD169246B4C6C455EFCA076AB5DD2C
                                                                                                                                                                                SHA-256:593756764EA7AE0E80D784C5AF599305B014016C35B566B21063CD9ED5DECEBB
                                                                                                                                                                                SHA-512:0AD39A4DDEAF42AD7DC57CC3ED858F95BBD96D8AD3241044A8161D135172E98A73B2B5A3257AB9B58F1E194260651560A5FB1961C41C0CDA7DF47011DB3FCF30
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"NewTabPage":{"PrevNavigationTime":"13378957189421197"},"accessibility":{"captions":{"live_caption_language":"en-US"}},"account_tracker_service_last_update":"13378957186555570","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13378957185497911","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":130},"autofill":{"last_version_deduped":130},"browser":{"has_seen_welcome_page":false,"window_placement":{"bottom":1030,"left":10,"maximized":false,"right":955,"top":10,"work_area_bottom":1040,"work_area_left":0,"work_area_right":1920,"work_area_top":0}},"countryid_at_install":18242,"default_apps_install_state":3,"default_search_provider":{"guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc","synced_guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc"},"domain_diversity":{"last_reporting_timestamp":"13378957186555976"},"enterprise_profile_guid":"863db26f-9ba5-4d79-bd28-29fdce159e16","extensions":{"alerts":{"initialized"
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):414
                                                                                                                                                                                Entropy (8bit):5.066562499504783
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE909613FA719DF5168845038BF17E1D
                                                                                                                                                                                SHA1:A662B146A2BEC6643BBDED26D3DA1ED99C0C273F
                                                                                                                                                                                SHA-256:B2D618DECA99D201C28B5A3F652297851DBC82FC8EF504D83B903610BE9E92B0
                                                                                                                                                                                SHA-512:D0E1D9F9DE88B7BB3C36EF8A0813665EDEC44C4B5624B0255E75247601E342C15EFB06C90111DADE880C497A2B47B4CBCD4F33BB7DD17E168929C0309CD8C8D8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "epochs": [ {.. "calculation_time": "13378957195806577",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "25D6781AA10348E001C11EEC456DE697D35106ACA4B80F864CA4164BDB7F8F2D",.. "next_scheduled_calculation_time": "13379561995806611"..}..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10679
                                                                                                                                                                                Entropy (8bit):5.200491822211716
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0D760E6A054FD74406ABBACB1379F39F
                                                                                                                                                                                SHA1:951C0F3785DE88083901290F59E73588DBA83289
                                                                                                                                                                                SHA-256:E3F24EFF58EC2DABBE2AEFB0A6BC8195433D55E04CEBD3C86ECD0976FE37F24B
                                                                                                                                                                                SHA-512:A32A251E9AE8892C1A15879DEE0F0C7F0380C929091AE271CA6E3FF5381EC7DE844FE10567A879EE19763EF56B791F587F63582418D2B46A11061B18D4254AAC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"NewTabPage":{"PrevNavigationTime":"13378957189421197"},"accessibility":{"captions":{"live_caption_language":"en-US"}},"account_tracker_service_last_update":"13378957186555570","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13378957185497911","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":130},"autofill":{"last_version_deduped":130},"browser":{"has_seen_welcome_page":false,"window_placement":{"bottom":1030,"left":10,"maximized":false,"right":955,"top":10,"work_area_bottom":1040,"work_area_left":0,"work_area_right":1920,"work_area_top":0}},"countryid_at_install":18242,"default_apps_install_state":3,"default_search_provider":{"guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc","synced_guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc"},"domain_diversity":{"last_reporting_timestamp":"13378957186555976"},"enterprise_profile_guid":"863db26f-9ba5-4d79-bd28-29fdce159e16","extensions":{"alerts":{"initialized"
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):167109
                                                                                                                                                                                Entropy (8bit):5.081780452241832
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                Entropy (8bit):0.3519416637659325
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:023FD485A16AEB668E5426A8060153A8
                                                                                                                                                                                SHA1:D58B9F186592EACEE051DBA8F85537957B98C05D
                                                                                                                                                                                SHA-256:85C7910F5FF38BB2FDBF88D2D072E50C6EDDA1E774C04B21D19DCDEC158B3DA3
                                                                                                                                                                                SHA-512:2EDBA94F17FF5673F78D7E847A84403ECDC57876C600CBF8484449633D95FEF4FDC21C71CD338D219FB07F887353F96FE7FCF3FDB4FBAB43C3FC6310C1E9DCBA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):9718
                                                                                                                                                                                Entropy (8bit):6.63072214938339
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3E259A65F90B53D132E499E2861C6D2A
                                                                                                                                                                                SHA1:7B35335BDB1C766B0571E0ECDCAAC941FE4B79F6
                                                                                                                                                                                SHA-256:96235B5619CE592CE25A1FE91B0D47CCAD879A4042D0A237BF7B65AE1798F9B9
                                                                                                                                                                                SHA-512:C82136E8E5CB28D757DA59D0EB3F7C0B4ACA242027E3B8A30CE78528861866D7C8CC0B51EABB52F328699F3ADDD190929B54BEA5FA00226FEDD77D3E8062162D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:z.:E.................37_DEFAULT_16v...h.... .(.0.R*.(....Session.TotalDuration.T<.A..GO .(.0.../.'.%....?..ChromeLowUserEngagement..Other...... .(....10.|.^.X................37_DEFAULT_21........... .(.0.RZ.X...CCommerce.PriceDrops.ActiveTabNavigationComplete.IsProductDetailPage.w.cG$.. .(.0.8.R9.7...$Autofill_PolledCreditCardSuggestions...c..vP. .(.0.R>.<...$IOS.ParcelTracking.Tracked.AutoTrack.-.....|. .(.0.E....R". ....*.TotalShoppingBookmarkCount..$........?..ShoppingUser..Other...... .(....10...F3 ................37_DEFAULT_23........... .(.0.RH.F...1Omnibox.SuggestionUsed.ClientSummarizedResultType.q/.v.g:` .(.0.8.Ra._.DSELECT COUNT(id) FROM metrics WHERE metric_hash = '64BD7CCE5A95BF00'......................dh...8.0........?..Low......@..Medium......A..High..None...... .(....10..m...................37_DEFAULT_27........... .(.0.R=.;...."%..wait_for_device_info_in_seconds..60*.SyncDeviceInfoh.p...t.r.p....AndroidPhone..IosPhoneChrome..AndroidTablet..IosTablet..Desktop..Other..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                Entropy (8bit):5.209958154798568
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF37EFCD6D0A267B95A7F183BA74673
                                                                                                                                                                                SHA1:46907BB0C25E2916D28899E69D15F2756E1FA960
                                                                                                                                                                                SHA-256:2BA42171CBB888B323A3946037E91D2BB500907EC370EAE21E452FA0620D6A44
                                                                                                                                                                                SHA-512:0EFAE7720B14059249B8E59DE05D0812B62606B58FFC4351D04BD428CC008FD8CDF109BB806D319F1C315897553951C78CDD64F614D8639C6ABED1848F482D9E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:46.352 1ff0 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db since it was missing..2024/12/17-19:59:46.521 1ff0 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):932
                                                                                                                                                                                Entropy (8bit):4.003383655769617
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:507CD7EAC2177DB8A5A76F7A13C6D2B0
                                                                                                                                                                                SHA1:AD7737E8D910C77F58CAA7DD7795D41021936791
                                                                                                                                                                                SHA-256:E96CACB61FDF6B09E43948A57FDC5B75F7A85EE96BFFEFC38BC171F7A88AACDF
                                                                                                                                                                                SHA-512:21A145CE1DD7991FB4868B619A7D0D3C77F07F76E7C29C8BF1ED6CFB64FE26C723929183D3186C8EB19C66741AF74C04F0ADCAE0751FEAF3C74A336C19B20109
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):313
                                                                                                                                                                                Entropy (8bit):5.162307687411719
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FFDF1D498AF591BCF9DA2082E4E1623B
                                                                                                                                                                                SHA1:CE61A7C69BD6662456ADE69B3CED9677436E275F
                                                                                                                                                                                SHA-256:7015C7D067CD0F9DD1B86A3FF4701250092568323113D031E71265F12F6AF126
                                                                                                                                                                                SHA-512:E7603CF5B23BD99A7A4AA026B1E08B908F445CDBC41AE19038BD3D0B84C980E297CD0FFF590D39CE862D260C62AAABBF453F2AF1844EAB2EC4019757057DF455
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:2024/12/17-19:59:45.954 1ff0 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db\metadata since it was missing..2024/12/17-19:59:46.276 1ff0 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):38
                                                                                                                                                                                Entropy (8bit):4.023471592049354
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3433CCF3E03FC35B634CD0627833B0AD
                                                                                                                                                                                SHA1:789A43382E88905D6EB739ADA3A8BA8C479EDE02
                                                                                                                                                                                SHA-256:F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
                                                                                                                                                                                SHA-512:21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..... 2a68348c2ca0c50ad315d43d90f5a986
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                Entropy (8bit):0.005655678470455652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A26782E6286229F35179E9113CA1E96B
                                                                                                                                                                                SHA1:21777022ACDBCE681AE67593735752EE9B190402
                                                                                                                                                                                SHA-256:511B8601565846AE7CC570CEE978C6308F74CA15C9269C1A1377D8526E97AECE
                                                                                                                                                                                SHA-512:6D1877B40A4A354E9A9F35A1454D2D0EE83E829AE0E7F2F1B9C348A165B791D752A65928E0400DAEFFD043F4A9FB90C77FF2DA3072149F882BC2394701C9A3AD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...@..@...@.....C.].....@...................0...............`... ...i.y.........BrowserMetrics......i.y..Yd.........A.......d...2......._.z.....Gy.7....................Gy.7....................UMA.PersistentAllocator.EarlyHistograms.BrowserMetrics......i.y.["......................................................................................................................... ..."...$...&...(...*...-...0...3...6...9...<...@...D...H...L...P...U...Z..._...d...............i.y..Yd........A...............`...v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.3....................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                Entropy (8bit):0.005655678470455652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A26782E6286229F35179E9113CA1E96B
                                                                                                                                                                                SHA1:21777022ACDBCE681AE67593735752EE9B190402
                                                                                                                                                                                SHA-256:511B8601565846AE7CC570CEE978C6308F74CA15C9269C1A1377D8526E97AECE
                                                                                                                                                                                SHA-512:6D1877B40A4A354E9A9F35A1454D2D0EE83E829AE0E7F2F1B9C348A165B791D752A65928E0400DAEFFD043F4A9FB90C77FF2DA3072149F882BC2394701C9A3AD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                Entropy (8bit):0.22450513733977373
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E876BA32D7DB11777251C73584990E33
                                                                                                                                                                                SHA1:5A3384753DBA8406C0E35B0D318CC67A266F9CA1
                                                                                                                                                                                SHA-256:B61649358EEA44489753637E542A67640A86826227D4ABA08F181D17052C7E27
                                                                                                                                                                                SHA-512:10AB0C0AFE13E4A565AC79485F84A98AC902D94EE88B870D04EF7D22A6191BFDBC244179BB4F55D61989BE1C1CBE0C334CDB25E9FB00E354C339226B2D7F5B56
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):0.4054770700145141
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C9848B6577AFADB80726BD7A9AE986D1
                                                                                                                                                                                SHA1:2F8667065C48E082A81013AA43B6B18A0A99D8FE
                                                                                                                                                                                SHA-256:33E508A5A1FC80BF77E733344BF2CA6E41B72BB704CB86E0901D914558DAAA8C
                                                                                                                                                                                SHA-512:B0C92D3AB142163EABFCF9C181F26E9C20EF9FCA1A3BD05A30E4ACF79C2B3A8F92B17393DFAB9E3976CDF83B197848910FB7C2488A1584A13450945FB5F144CB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4202496
                                                                                                                                                                                Entropy (8bit):0.49377724590808847
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B8C9CF7464D2CC564C22A447914B003B
                                                                                                                                                                                SHA1:D1473B2E8877997713029EABAD1C04BA21B347AA
                                                                                                                                                                                SHA-256:9066603D61BDF52B327A1505BDCAE65BDD1E5C9093BC15A2F042528630ABB0D7
                                                                                                                                                                                SHA-512:7BDB963C02CBF1C4FC4827BEA563D3619731EE7754E9C5B67CEF6C4FB89160AE5DDED80B0B5F6D8305ED2119BA8F9446FE3459537F465A38FC37AAC1A388A679
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16696
                                                                                                                                                                                Entropy (8bit):4.721605647940513
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:DEAEAD8ADADE63AD92867867BC60429F
                                                                                                                                                                                SHA1:CA38E5E508253BAA94DA794583443807ECDC83DF
                                                                                                                                                                                SHA-256:70D6338127921C195C2404135B2281C3FF06EEE12E4998389697F22363235215
                                                                                                                                                                                SHA-512:EBE6309E127B9F352487D6B9591CFBD9221F6D96DCEF362027F5EBAB2586220AD3A474C8C3769BBA96DF1C09F5C91ACC9AD53ED0A3556824AB022567D9653B96
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....BPLG........"A..805be9c448b8781f....g...d.......ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00003E98) Direct3D11 vs_5_0 ps_5_0, D3D11-27.20.100.9415)........................................................................................................................................................................,...............,.......................radii_selector........_uradii_selectorR.......................corner_and_radius_outsets........_ucorner_and_radius_outsetsR.......................aa_bloat_and_coverage........_uaa_bloat_and_coverageR.......................radii_x........_uradii_xR.......................radii_y........_uradii_yR.......................skew........_uskewR.......................translate_and_localrotate........_utranslate_and_localrotateP.......................color........_ucolorR..........................................................................................sk_RTAdjust........_usk_RTAdjust....................................................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):17680
                                                                                                                                                                                Entropy (8bit):4.675949594233866
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5A959CAF5BEB1311303BB96CE94737B9
                                                                                                                                                                                SHA1:E76505E9156015A23E8861786E0B83BF8DB08EBB
                                                                                                                                                                                SHA-256:19EB39308259EF8BD50E211AC875215685712EA5930F6FCC8E646424EEA4B063
                                                                                                                                                                                SHA-512:379BCFD0A0C28FC89A757F839FD1D9C8926406784801725700AC929C6B9F43076791AB14C919FAFEFD814F6102E44FC6C2F9D664751DA7609E8C04CC62AD076B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....BPLG.........D..805be9c448b8781f....g...d.......ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00003E98) Direct3D11 vs_5_0 ps_5_0, D3D11-27.20.100.9415)........................................................................................................................................................................,...............,.......................inPosition........_uinPositionP.......................inCoverage........_uinCoverage...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19116
                                                                                                                                                                                Entropy (8bit):4.7226693188819615
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E32D2E1E69DCE1B142057F74CBF778A0
                                                                                                                                                                                SHA1:62227B35B7019C4C35774AADFD9D0848D07A4D7B
                                                                                                                                                                                SHA-256:CAA846BDA6C35C62717BC19FAEE5DB25C04EE7B24DCAA7F71D192BE7EF40C28F
                                                                                                                                                                                SHA-512:B44B79CBFC21A35ACDDF86F8A2E65985252F836812A476E58C4A2B34C2803122BAAB828CE3A062784677F9092071431F63912931CE7BD94563D6AD27B89F7ECA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:....BPLG.........J..805be9c448b8781f....g...d.......ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00003E98) Direct3D11 vs_5_0 ps_5_0, D3D11-27.20.100.9415)........................................................................................................................................................................,...............,.......................inPosition........_uinPositionP.......................inColor........_uinColorR.......................inTextureCoords........_uinTextureCoords.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B696C82D2C01D224213D10876EB9D946
                                                                                                                                                                                SHA1:E9BB58056D5C7CD89DEC72D12AC217E8CA247D48
                                                                                                                                                                                SHA-256:A1C862970B84DC89691152706029D07DF525ED0AA5E7FDA9C1D3666D9C9F3DF1
                                                                                                                                                                                SHA-512:FC34943E0705BDDD2E589B243DEEE5C55EA36623AE33B839BD05EECD6D7B0BB1606FA07A23FB1A2387D09326726D3DC383AD5A2C930CA0A34E18057292FB9659
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A2CAA0F1495BB7E60BF5F59F3E094D74
                                                                                                                                                                                SHA1:0A7C1AAEAD854DA06F7BE95309E23A01926134E0
                                                                                                                                                                                SHA-256:C0A10B8F36D45588F9CDDB2D2704EB7505E6FED3CF3E6A98B0223E9EADF4986E
                                                                                                                                                                                SHA-512:EFE12C048801338D646E382DAE28262A9A1CB5E677A4C03FD159B8A40B7B237CDF608738056999210CE56E780752C238F1A198F1CC7F0C213476E54F53847C44
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):150
                                                                                                                                                                                Entropy (8bit):3.0972865117126833
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D69FCF0BD73E0484E01346D2477CCD25
                                                                                                                                                                                SHA1:299E5D398639F49D5FC60D65B72FB69786571506
                                                                                                                                                                                SHA-256:1FD9F12139BA7F09B3FF97C3AC193424E83481475B1506D20ACAA72819859FC7
                                                                                                                                                                                SHA-512:8ED8FA8D6F650A5A662FD4D7999F8B79C48C6000F5FE49A48CD8F9D247C273C802BEC39A95AAA3B5358B8BB163F06A9A9B799FD7579204823935F83FCCA8DB31
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.S.t.a.r.t...a.i.\.O.n.e.S.t.a.r.t.\.A.p.p.l.i.c.a.t.i.o.n.\.o.n.e.s.t.a.r.t...e.x.e.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14
                                                                                                                                                                                Entropy (8bit):2.8423709931771093
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3BD216A3D78135778B6E0924CE66190B
                                                                                                                                                                                SHA1:A068BD525A1D519BCA419E3055085B6FD310EA8D
                                                                                                                                                                                SHA-256:0DC30E43EC84D74C152CD15C01AFF9D38B002DF72EE28079AC97841F9770A7F0
                                                                                                                                                                                SHA-512:7042EAC8347E7D8AE8261BD514B623A1EFEE332BAA95FAEEDD9430CF55B4A2F5DB3A2D8F1C48D71808E095210B1855CC13E176BD0D18EA5E5B301C9AB525502F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:130.0.6723.134
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):909
                                                                                                                                                                                Entropy (8bit):5.6722526084328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5B3A7D956C8AD1C08D142D72CBBBA9E9
                                                                                                                                                                                SHA1:E4EA4E4754F21DA147DEBC343D3CA17A09D16A86
                                                                                                                                                                                SHA-256:FB47B70CBE121ECF0F5FBCE8843B54B6286D626A1AFD21247ADF4A1AD3F4F136
                                                                                                                                                                                SHA-512:2CD20E940BA54F709E25FB6C349AE3522F13E98E7DB781C14C9982D5B5951A23B5B57DB2749CCAA2667ED71E3B99074C268941A6170DC67F3418AB93A839D56F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADd2f/C4BZaRI/ZD4dgnQmZEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAAB7XWLhDb4IBzylb8MBBFRK5v4N3MfDM6HkwGz/KXAJIQAAAAAOgAAAAAIAACAAAAB+E7RpTyPJpr8Ds0FuvM62x7V/IYFfXKLba0NDTmko8jAAAADnHaS1bjCb1raVPwM5zAg+ArR/LMmC89krj6e3Gk8FFxlIG3A9vix45x4HkFHf9GtAAAAAPZjwkB0URKKx86YBPBlcQE65XAE3WDVu/JCcqMLOYksmEtWpZ+eV8FYu59dyZQHLyA+uLobBXRrExasPZc6+yA=="},"signin":{"active_accounts_last_emitted":"13378957184407693"},"uninstall_metrics":{"installation_date2":"1734483584"},"user_experience_metrics":{"limited_entropy_randomization_source":"554D92407D4B1115A4A6BF7CE9BAA2ED","low_entropy_source3":2148,"pseudo_low_entropy_source":7788,"stability":{"browser_last_live_timestamp":"13378957184341127"}},"variations_limited_entropy_synthetic_trial_seed_v2":"18"}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3AB7933A26AC5A2DC99FDAFC82FD3117
                                                                                                                                                                                SHA1:823F97BB2C3816777A5FA353E11E2514A8991569
                                                                                                                                                                                SHA-256:DC71AB9A56586E0839B370AD046F92340CC2204A8BF3F126EAC35997BD62542A
                                                                                                                                                                                SHA-512:095311292D6A36A6ACEDC3C9F1D64D8E93DE34612A87E31182CB2D63CDA778A3289650A96C8A9F8699DC0E5303FA5D5EFA1941D7404BC75AF986A2EB77438902
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14507539
                                                                                                                                                                                Entropy (8bit):7.999857010958995
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3DB950B4014A955D2142621AAEECD826
                                                                                                                                                                                SHA1:C2B728B05BC34B43D82379AC4CE6BDAE77D27C51
                                                                                                                                                                                SHA-256:567F5DF81EA0C9BDCFB7221F0EA091893150F8C16E3012E4F0314BA3D43F1632
                                                                                                                                                                                SHA-512:03105DCF804E4713B6ED7C281AD0343AC6D6EB2AED57A897C6A09515A8C7F3E06B344563E224365DC9159CFD8ED3EF665D6AEC18CC07AAAD66EED0DC4957DDE3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3643
                                                                                                                                                                                Entropy (8bit):5.373301422742559
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C2E961DB96746396F653C67981D2D4AF
                                                                                                                                                                                SHA1:0B9AE2DC31790CEF28A758D0BEFD421F10F8EFB0
                                                                                                                                                                                SHA-256:749B703B8DB3178B2415996D193AD2CFF5BF7D72BAF55CD8864FC674A8C2AC1B
                                                                                                                                                                                SHA-512:E5D02A73671D2DC371343051282373FB79CF641A9E3333C7714C25C2ACDB50AF1AD9BA446CF9E9EBCC50F7F7E69DA6AC3033317DFCC3E2F89BD592B8DEF27691
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"accessibility":{"captions":{"soda_registered_language_packs":["en-US"]}},"autofill":{"ablation_seed":"RW6H+ZHaGY4="},"background_mode":{"enabled":true},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13378957184660008"},"browser":{"first_run_finished":true},"check_updates_on_startup":{"enabled":true},"hardware_acceleration_mode_previous":true,"keep_app_up_to_date":{"enabled":true},"launch_browser_on_startup":{"enabled":true},"launch_browser_on_wake":{"enabled":true},"launch_dock_on_startup":{"enabled":true},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADd2f/C4BZaRI/ZD4dgnQmZEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAAB7XWLhDb4IBzylb8MBBFRK5v4N3MfDM6HkwGz/K
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):909
                                                                                                                                                                                Entropy (8bit):5.6722526084328
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5B3A7D956C8AD1C08D142D72CBBBA9E9
                                                                                                                                                                                SHA1:E4EA4E4754F21DA147DEBC343D3CA17A09D16A86
                                                                                                                                                                                SHA-256:FB47B70CBE121ECF0F5FBCE8843B54B6286D626A1AFD21247ADF4A1AD3F4F136
                                                                                                                                                                                SHA-512:2CD20E940BA54F709E25FB6C349AE3522F13E98E7DB781C14C9982D5B5951A23B5B57DB2749CCAA2667ED71E3B99074C268941A6170DC67F3418AB93A839D56F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADd2f/C4BZaRI/ZD4dgnQmZEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAAB7XWLhDb4IBzylb8MBBFRK5v4N3MfDM6HkwGz/KXAJIQAAAAAOgAAAAAIAACAAAAB+E7RpTyPJpr8Ds0FuvM62x7V/IYFfXKLba0NDTmko8jAAAADnHaS1bjCb1raVPwM5zAg+ArR/LMmC89krj6e3Gk8FFxlIG3A9vix45x4HkFHf9GtAAAAAPZjwkB0URKKx86YBPBlcQE65XAE3WDVu/JCcqMLOYksmEtWpZ+eV8FYu59dyZQHLyA+uLobBXRrExasPZc6+yA=="},"signin":{"active_accounts_last_emitted":"13378957184407693"},"uninstall_metrics":{"installation_date2":"1734483584"},"user_experience_metrics":{"limited_entropy_randomization_source":"554D92407D4B1115A4A6BF7CE9BAA2ED","low_entropy_source3":2148,"pseudo_low_entropy_source":7788,"stability":{"browser_last_live_timestamp":"13378957184341127"}},"variations_limited_entropy_synthetic_trial_seed_v2":"18"}
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 1, database pages 12, cookie 0xa, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                Entropy (8bit):0.5159703998775244
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FE595C089E6CB7E8BB98F688A148134B
                                                                                                                                                                                SHA1:D3523CBA854FBBBAEFD08EE994FE28D056C63581
                                                                                                                                                                                SHA-256:5BD2196CEB05ACBAAE8CDFAAE7A5DF8D6B6E5A6240E7C273B7E9D14CAF956189
                                                                                                                                                                                SHA-512:D6895129BA6751060DED1A0754F04F689437199DF1FCA0CD8934629A3B038A89E793651808F19FA0C8E4506CA2CBCA128BC3483E9C5F9C34FF460E6E38435678
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 11, database pages 12, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                Entropy (8bit):0.3732303653896058
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:90CE34BFBCBA8198FD96492096CEC8D9
                                                                                                                                                                                SHA1:2AC772AA7E3082562E749180D6C678F757436ABF
                                                                                                                                                                                SHA-256:1B217EED4FBC27609569AF39AC74616138E27F600FB25A25A716D2B81A09B728
                                                                                                                                                                                SHA-512:77A5D2CB46E23926291C19D818C1C33AE7CF2968D28AE94B9F762086678D1F871939FFA7726BA6CD3476B8A9F1B08DC84CE34CB6E442B6EB453864C5681A1605
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):21032
                                                                                                                                                                                Entropy (8bit):0.027220743097499663
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:21D77DA3EAEC8CA13432FF3573412D0F
                                                                                                                                                                                SHA1:37FC74843E673B7AC7C1AA99F1486CD4F9B9EB61
                                                                                                                                                                                SHA-256:D918C3433747161247E062599FB7264723ED1C513ADD8A6D1AA5FFBEAB879BE3
                                                                                                                                                                                SHA-512:2DFC5CE078D7D410574DBE9E6C14539153CCC43809C828773EE050D55AFB5FC3E1342283678A2C0CC69DB0E830833F3BFA57907381FC4E09B6DC0D84AC332C84
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16877
                                                                                                                                                                                Entropy (8bit):7.962057808506895
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A3CAD70BF82D62E5C29FE9B7D6A8A22E
                                                                                                                                                                                SHA1:B44E4F68AC465D407C102A757CA66EB9381F6F13
                                                                                                                                                                                SHA-256:02961E377CE12BAB3E4A2630DE3F183307E5611101CFA39D74517EFBB3CE41AA
                                                                                                                                                                                SHA-512:D532F11A190015881755C299D050ECA4F1FC655E266850AC5B72C129BEAD6B2659766968829C1AADFB06A8915D6F9E3E2EABEB09A500B9495DA87E9C4C62AC5C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1201504
                                                                                                                                                                                Entropy (8bit):6.4557937684843365
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E83D774F643972B8ECCDB3A34DA135C5
                                                                                                                                                                                SHA1:A58ECCFB12D723C3460563C5191D604DEF235D15
                                                                                                                                                                                SHA-256:D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
                                                                                                                                                                                SHA-512:CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):678228
                                                                                                                                                                                Entropy (8bit):7.9404125457686545
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:117B1EF8D0230DFA0D95EE0295B90281
                                                                                                                                                                                SHA1:09B59954983366E7157FB16DF002284847234230
                                                                                                                                                                                SHA-256:00CD5E991DDE2BDD67AD8C3F03C9FCCC167D53148CEB92F23C2EA2D3413B8913
                                                                                                                                                                                SHA-512:1C167353BF1438AA42D388CF20E4865CE9F250524B3CAEC7C4445CB34DDB4B0BE48D1C533EAD0CFC59867B4509033ECDFE1FD1016910BACF7E62F32A46C88A4C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16877
                                                                                                                                                                                Entropy (8bit):7.962057808506895
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A3CAD70BF82D62E5C29FE9B7D6A8A22E
                                                                                                                                                                                SHA1:B44E4F68AC465D407C102A757CA66EB9381F6F13
                                                                                                                                                                                SHA-256:02961E377CE12BAB3E4A2630DE3F183307E5611101CFA39D74517EFBB3CE41AA
                                                                                                                                                                                SHA-512:D532F11A190015881755C299D050ECA4F1FC655E266850AC5B72C129BEAD6B2659766968829C1AADFB06A8915D6F9E3E2EABEB09A500B9495DA87E9C4C62AC5C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1302
                                                                                                                                                                                Entropy (8bit):4.838614609437837
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3A20B9F4EF495A63BEE5D888E8B4B3DC
                                                                                                                                                                                SHA1:7A9ED620408D90BF48ADAC0B27B60380FB29F6FA
                                                                                                                                                                                SHA-256:3068255B082566CE594DB7981B98C6CA841B79E11E803A4A117BBD2D664A3079
                                                                                                                                                                                SHA-512:C0B28FF9ECAD616A87C2B7B66E318B18B4FE1185B7184B3127731EB76600F873815BF3D3F129A3BD4B887B77C5404551FE62D3C14879CF79548CA9244C8FF8AE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/******/ (() => { // webpackBootstrap.var __webpack_exports__ = {};.function createOverlay() {. var tos = "https://onestart.ai/terms-of-use/";. const overlay = document.createElement('div');. overlay.id = 'ostos';. overlay.style.position = 'fixed';. overlay.style.bottom = '0';. overlay.style.left = '0';. overlay.style.width = '100px';. overlay.style.height = '20px';. overlay.style.backgroundColor = '#030347ba';. overlay.style.fontSize = '12px';. overlay.style.color = 'white';. overlay.style.display = 'flex';. overlay.style.alignItems = 'center';. overlay.style.cursor = 'pointer';. overlay.style.borderRadius = '0px 5px 5px 0px';. overlay.style.justifyContent = 'center';. overlay.style.zIndex = '2147483647';. overlay.style.fontFamily = 'sans-serif';. overlay.innerText = 'sponsored';. overlay.onclick = (event)=>{. var link = document.createElement('a');. link.id = 'sponsored';. link.href = tos;. link.r
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):819
                                                                                                                                                                                Entropy (8bit):4.8709173699654915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0B5436AA7F196CE8725AD7CAEC9FE0D7
                                                                                                                                                                                SHA1:6E87AF5F44BBF815A4B9AF84CF7EE3D4E11DA8D9
                                                                                                                                                                                SHA-256:87278D3FBCBBC86CA143F9AD686975AB5BAC5576C447C34A071DAD69B28DB3F4
                                                                                                                                                                                SHA-512:A4BFA9555799FBA63CFB8C7E1AF22B486D35096A79FFFA705AABF580B2F5C8804FB189C6FF3F3D6B8E63DA2A3ECA77027D492012492D835771D51894B695873A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..;// CONCATENATED MODULE: ./src/common/static.ts.const USER_ID_KEY = 'userId';.const INSTALL_ID_KEY = 'installId';.const OD_CLICK_KEY = 'odb_clk_key';.const OD_OVLAY_KEY = 'odb_ovly_key';.const BK_RED_KEY = 'bk_red_key';..;// CONCATENATED MODULE: ./src/content/conversion-tracking.ts..chrome.storage.local.get(USER_ID_KEY, (result)=>{. const uid = result?.[USER_ID_KEY];. if (uid) {. window.addEventListener('message', ({ data, source })=>{. if (data?.type === 'get-ext-uid') {. source?.postMessage({. type: 'ext-uid',. data: {. uid. }. });. }. });. }.});../******/ })().;
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):1183
                                                                                                                                                                                Entropy (8bit):5.573055551204324
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2DBC62D7C4E5530D8C8D3A2E239F2620
                                                                                                                                                                                SHA1:FF0566ECF042253BC7B7376B403555469F0ECE38
                                                                                                                                                                                SHA-256:BECF204A8F5FD150C46FEB26EC86B8BD0C3645C2B7E50E67ED04BB9B8C9824AF
                                                                                                                                                                                SHA-512:D468AFA0D680973251613328B4F136C130BC0C10DE84A4313890A5E87F2BD1E9EABEEE276BFF7FEB67345571A591E6B4E9068AC8A158B754C2A51A7E7A2F982C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "background": {.. "service_worker": "serviceWorker.js".. },.. "content_scripts": [ {.. "all_frames": true,.. "js": [ "conversion-tracking.js" ],.. "matches": [ "https://*/*", "http://*/*" ],.. "run_at": "document_start".. }, {.. "all_frames": false,.. "js": [ "page.js" ],.. "matches": [ "https://*/*", "http://*/*" ],.. "run_at": "document_start".. } ],.. "description": "Onestart",.. "host_permissions": [ "https://*/*", "http://*/*" ],.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0czZlHy1hYBpIeZct5zEC0rRHrl0I73NJCLMSkexkYVVEntsd9mRjIEQEi+v5BmbteHcfFj1C/fbH0I5FXFJqliRmyiI9GFcJ3cKGfXxAiqypgUFZvF1e0cwyKQ+BrBTJRSTb4gdBrGT8wXwrvo7IRF5hX3EQblT1GaiHLW/8WkEHfFlHOZnIM8thVgah5/3RgYGoJRDeaoO9p97/v9eu3+M1sJeJy+wV7AL1KN+xz5HnmmefCorqyU9nrvCg7hCWewjHbmJIgmzpFn5FwCvLf2Nb1NmcNa6XXQ9OZ9EuPvOUbv5EuMdoUI+q1kVwnSAOVh/WgWBzdEAV9x9ZGsrQIDAQAB",.. "manifest_version": 3,.. "name": "Onestart",.. "permissions": [ "storage", "alarms"
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:C++ source, ASCII text, with very long lines (433), with CRLF, LF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):24826
                                                                                                                                                                                Entropy (8bit):5.044116670535731
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9A77A8A3628F086149E2F24D52EB0D41
                                                                                                                                                                                SHA1:251190CD43F319FD36B0D2BD596932C4B2D3348E
                                                                                                                                                                                SHA-256:9B7D27DE249A0FDEF187505E65B0EDA2755BD6D112C65D937747BCC38ED197E5
                                                                                                                                                                                SHA-512:F50968D9BA94D146BE4BB59F1ECA69E7882BE0B1007E1A47E6B7CFEDBEB515647CA89E3141B9FDDF49F311FDD8A526373D14BD81724222D6C9E810862BFCEC44
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..;// CONCATENATED MODULE: ./src/common/utils.ts.const isValidUrl = (url)=>{. try {. return !!new URL(url);. } catch {. return false;. }.};.const inQueue = (fn)=>{. const promises = [];. return (...args)=>{. const promise = Promise.all(promises).then(()=>fn(...args));. promises.push(promise);. return promise;. };.};.function wrapInPromise(wrapper) {. return new Promise((resolve, reject)=>wrapper((result)=>{. if (chrome.runtime.lastError) {. reject(new Error(chrome.runtime.lastError.message));. } else {. resolve(result);. }. }));.}.const debounce = (callback, wait)=>{. let timer;. return (...args)=>{. clearTimeout(timer);. timer = setTimeout(()=>{. callback(...args);. }, wait);. };.};..;// CONCATENATED MODULE: ./src/common/messages.
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:C++ source, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):34699
                                                                                                                                                                                Entropy (8bit):4.886939880097466
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FF814FA33CBC3D9367E4CE9D0CB9A6BC
                                                                                                                                                                                SHA1:8B72EABF8CB9C51B08D23405999FD869C2658946
                                                                                                                                                                                SHA-256:32048DD2666412A087C9C4DDF11DBE2CC6BEC6AC302717DF9165ED90AF30A6A0
                                                                                                                                                                                SHA-512:4BD33695E3F6F4CD21153C65AFB5F609724BFAF2BF68443BF82000829342A2003811E182E080A01EBA368116F5735A75CB7A1258D7B2B2408D1F22F5EA1DD9C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";./******/ .var __webpack_modules__ = ({../***/ 700:./***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {...// EXPORTS.__webpack_require__.d(__webpack_exports__, {. A: () => (/* binding */ Ads).});..// EXTERNAL MODULE: ./src/background/user.ts.var user = __webpack_require__(223);.// EXTERNAL MODULE: ./src/common/tabs.ts.var tabs = __webpack_require__(655);.// EXTERNAL MODULE: ./src/common/messages.ts.var messages = __webpack_require__(95);.;// CONCATENATED MODULE: ./src/background/spotlight.ts..const showSpotlight = async (adData, tabId)=>{. const tab = await (0,tabs/* getTab */.i)(tabId);. const tabWidth = tab.width ?? 0;. const tabHeight = tab.height ?? 0;. // Spotlight unit can fit into the screen. if (tabWidth <= adData.width || tabHeight <= adData.height) {. return;. }. // Tab is in focus. if (!tab.active) {. return;. }. await chrome.tabs.sendMessage(
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 728x90, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14915
                                                                                                                                                                                Entropy (8bit):7.905353274802453
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2596A25889470A45C108D6FD37B4F137
                                                                                                                                                                                SHA1:1B1195A1ADC83BA51EF8F2886445941153BBAC6D
                                                                                                                                                                                SHA-256:C7B0F9EB37EAF86C289033245805DD4A3A97AB9658CCBA278B1BD0393C4B99BD
                                                                                                                                                                                SHA-512:3CD8DA2ED618FC2EEF4051CE861A24CFEF00C3A91775FF520FD93FEBBFEE26491F8E90466AD95DDC3A2D758B059D9506EADE5C91CA8DC3492516106B214E9AC6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.13], baseline, precision 8, 1940x500, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):152242
                                                                                                                                                                                Entropy (8bit):7.685194020466907
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A9F1D8CDD1BCF409CC4DCEDCE7381F3D
                                                                                                                                                                                SHA1:6B2D4A8A1957A2922324A39E7A1413E54D52780C
                                                                                                                                                                                SHA-256:E4B98338E8DF4501E3CE72BCACE80CEAA92EB07FE6D341D226CC8B84AA36AB8D
                                                                                                                                                                                SHA-512:1F91EB6D194D13329D1E7FE1FBF87DB2EC2307A3E4559EBD8919D99A40BB18008323C1725B287077307CA6B1E62B4036F0BBF60A9DBA671CA687BC62C1F98F62
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 980x120, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):23794
                                                                                                                                                                                Entropy (8bit):7.96440831363997
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D59FCDCD3022C0304B35CD2A10A13C32
                                                                                                                                                                                SHA1:EC5352DA59DCFF776CFB300175EDB44CF6C94767
                                                                                                                                                                                SHA-256:77557F6040906D410036FF39B14FD476F53C5C7B24D91A4548384DB4300EED3B
                                                                                                                                                                                SHA-512:A9BA1DF594BF952CD6FD18652D3535293A4DD15A4B26C154402C3A21C5988D8554FED7E45229BF55DF064180DB82D96558B7F1A2B20B216D7032B1F930D661D7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 728x90, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):18437
                                                                                                                                                                                Entropy (8bit):7.96459795791236
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9E483B1CFF41498A4734B98346342137
                                                                                                                                                                                SHA1:8B4A1F9BB00AC1AD9613DB364CAEFAB445C3954B
                                                                                                                                                                                SHA-256:B3009C71B5948B2F504114E43DE86C3ECF14D943B9579CC9614809F0814446A5
                                                                                                                                                                                SHA-512:62E3F49980A718009207D841A12C38ACA2C91EDAE6DE051080F3762C5DEE191840EF30E52F27DD2810661AF561EA1041058F2AC03027D5AF37BAE1854FB0245F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 728x90, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):66595
                                                                                                                                                                                Entropy (8bit):7.853094212908445
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2EB2A49789692BD5CFCF81F92E7DBD5F
                                                                                                                                                                                SHA1:B1359E6CDF8C7C518F52D5C77F33C9F8639BC044
                                                                                                                                                                                SHA-256:7076BEBB3284F12F4F8AB81B9B34283DD7FC1D4A6A70C28D65C8D057892B0057
                                                                                                                                                                                SHA-512:09F7456A197057E89098FA79897B37B17F14A9815859D73FD1BD0FD289241475C1A8F976DF69AF663FFE5B9D6CE7B783C72DCF04D42F435C6224B2BEA1A53C37
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14428
                                                                                                                                                                                Entropy (8bit):3.9206955363820994
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:03D820AB5315D5C7DE366E9F48DC3CE8
                                                                                                                                                                                SHA1:1EF4875E0F2E2BB6134844C3A37002A0A2699D24
                                                                                                                                                                                SHA-256:C78AE917C43C79556C528E4739A3911BC9BD94BC52D8159E3517E2933F54F2E4
                                                                                                                                                                                SHA-512:9FE470D780082E7D72059E44E31EC513A644434513A98037C95E387422691A5A2604846764978C5189222195343D7EDAF136A969448C5DDD4CE058FB473F9E23
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<svg viewBox="0 0 320 64" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M190 47.9399C190.874 48.5709 191.883 49.066 193.029 49.4155C194.174 49.7649 195.33 49.9397 196.485 49.9397C198.203 49.9397 199.591 49.5125 200.64 48.6583C201.688 47.804 202.212 46.6876 202.212 45.2896C202.212 44.4159 201.979 43.6878 201.514 43.0957C201.048 42.5035 200.29 41.9792 199.242 41.523L196.922 40.5425C195.417 39.9115 194.339 39.1834 193.679 38.3679C193.029 37.5525 192.699 36.5331 192.699 35.31C192.699 33.9606 193.068 32.7665 193.796 31.7472C194.524 30.7181 195.524 29.9318 196.786 29.3785C198.048 28.8251 199.485 28.5436 201.077 28.5436C202.164 28.5436 203.29 28.6795 204.436 28.9513C205.581 29.2231 206.542 29.5823 207.329 30.0192L206.872 32.3782C205.125 31.4851 203.28 31.0385 201.339 31.0385C199.698 31.0385 198.397 31.3977 197.417 32.1161C196.436 32.8344 195.941 33.7955 195.941 34.9993C195.941 35.6983 196.145 36.2904 196.543 36.7661C196.941 37.2418 197.592 37.6787 198.494 38.0767L200.882 39.1251C2
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):211
                                                                                                                                                                                Entropy (8bit):4.976401556684502
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:75E2E1EA6CABCAE4F318453E2E58213A
                                                                                                                                                                                SHA1:ABB9E7FEE28C39ED9320C8C19306470BC3EA4B62
                                                                                                                                                                                SHA-256:4BEBED1986FC4908A180A8B62C84FF1CCBAA1CDBAE05F220B3FD123D8A0928A8
                                                                                                                                                                                SHA-512:044258568D69CDEE73CCF05614F2CB58A0C9CC438E3DEBB524453EED02EEAEAF66AA04CB95928D691B869CBFCB81D8947E87D42D16377CC4781A805F86167732
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">.. <path fill="#777777" d="M13.46,12L19,17.54V19H17.54L12,13.46L6.46,19H5V17.54L10.54,12L5,6.46V5H6.46L12,10.54L17.54,5H19V6.46L13.46,12Z" />..</svg>
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:PNG image data, 300 x 154, 8-bit colormap, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):10661
                                                                                                                                                                                Entropy (8bit):7.9158568170739905
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0DABAEA157F53D2FA2BB5DD1616C3AC7
                                                                                                                                                                                SHA1:665E084DD4DC833A0D7B0909E25ACF9C24F05C32
                                                                                                                                                                                SHA-256:08F02EB7B5386E5952F0A020E07F0F85AF1ED8B4E4DB5A2033EAB2D97CDCAEE4
                                                                                                                                                                                SHA-512:C79B56C170435FBAE0ED1ED4AFA0FD1F74EEF90567E897649A7B8E2B4777AC27582F3D42656786A4BF08FE7B76E955B81152C1F4D9BFB65234BF6573DD082CFA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4040
                                                                                                                                                                                Entropy (8bit):3.98793847099381
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:AE95C4E9C175A7A3EAAF987161038E45
                                                                                                                                                                                SHA1:7B5217C3B416EA4000D29385C86A34BC2833591C
                                                                                                                                                                                SHA-256:5C3437C9C96A8DBBBA6CE889C97D592E493596FFC0C7EC1D0631268E91ECCC04
                                                                                                                                                                                SHA-512:6BE7593FFAF838A1985B9063E84A274058D430D377BEF2A7DF32F4614D68CCC7403E41973FF2E0C62B43C7CE004DFC730CAC4C39119697ADEF87D2295125F82B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<?xml version="1.0" standalone="no"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN". "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">.<svg version="1.0" xmlns="http://www.w3.org/2000/svg". width="300.000000pt" height="154.000000pt" viewBox="0 0 300.000000 154.000000". preserveAspectRatio="xMidYMid meet">..<g transform="translate(0.000000,154.000000) scale(0.100000,-0.100000)".fill="#000000" stroke="none">.<path d="M660 1515 c-127 -35 -281 -127 -380 -226 -115 -115 -204 -272 -246.-436 -100 -384 71 -704 409 -768 175 -33 315 -5 573 116 59 27 105 52 102 54.-2 3 -72 -17 -154 -44 -199 -66 -339 -89 -445 -73 -103 15 -181 53 -250 121.-208 208 -209 596 -3 907 138 209 314 324 493 324 108 -1 191 -55 221 -146 31.-94 -18 -246 -104 -320 -51 -44 -132 -84 -168 -84 -46 0 -78 40 -78 95 0 81.38 128 136 170 l59 26 -57 -4 c-108 -7 -206 -95 -215 -194 -5 -42 -1 -53 22.-81 53 -63 140 -62 280 3 110 51 326 117 456 139 38 7 67 30 51 40 -11 7 -174.-27 -281 -57 -45 -14 -84 -21 -86 -16 -3 4 4 23 15 4
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 728x90, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):46236
                                                                                                                                                                                Entropy (8bit):7.9682943571719385
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9A3EBBFB61AC8B4A3FE8064015F2291D
                                                                                                                                                                                SHA1:B9D11E982F9250D8317C614230EB53EF555453E3
                                                                                                                                                                                SHA-256:7FCE1D28C2248AF6A26D01498532D54930530E83F35710DD1F1313601293799A
                                                                                                                                                                                SHA-512:B65ABB4C1C2CE0B9FF3B517871D3E73FA74143D7E53BB0B854C6E5BF27A687BF5808C1A4B4B7E54822FE776D4AFEC8B27A33FCC45536579349CB01E27836352D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 728x90, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):53362
                                                                                                                                                                                Entropy (8bit):7.961536942161352
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3077BFE15A025EBBC6AE1C504CA09307
                                                                                                                                                                                SHA1:94CCF4C3E5A3AA7841846A02D97AF6E9EF1A43B0
                                                                                                                                                                                SHA-256:AF7C7A820F81B0C68D494AB7859B29AE3288EA63C04AF843DB3FC4F5BDB24CE9
                                                                                                                                                                                SHA-512:93D3273994B907EE36E74604687F628D6C9021E247E9FE614E983A75F7C93DFAAD43E1EFE3DE3559DE401D0A9CB7BE23529AA16EC98244883DE926331B63B6A9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 728x90, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):51642
                                                                                                                                                                                Entropy (8bit):7.960184846525321
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:66B5D7A5D3320B0CAB0C873B2C04DCEB
                                                                                                                                                                                SHA1:6D0DF8A3F464AED1D935CA0C63FAACCBB261930C
                                                                                                                                                                                SHA-256:E699244DFF5047925BC202B1DAF2F324702C2BB61364310B2BA2C3CECB1FA094
                                                                                                                                                                                SHA-512:734D18887764B66318070849B9159880EA177CF13815744C537AE774B458EF050C38CC21EE780B50713E874B087E5BD7833AF7854AA0630FCFB4FD2B1029339A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1005x124, components 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):92164
                                                                                                                                                                                Entropy (8bit):7.956618409621496
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3C97FFC8F1CBE59B6F465DE1E40EBBD4
                                                                                                                                                                                SHA1:3819F35ADF6B853F3C4596A104279D881560E86E
                                                                                                                                                                                SHA-256:9373EB54EF68874ECE5148CDF77729D97305431996BB33AB3266218B43E173D9
                                                                                                                                                                                SHA-512:22F7C1CA19737FFFA0933B4E2440534DCEA70F3A76D5EE0787CAB38618610FACB5B24B63F19D97F7A0CCB424165868D228C2A403726DC268F81B611641850249
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):7530
                                                                                                                                                                                Entropy (8bit):4.5038823373338275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F2FC24FF56CBEB38D8BD17742E6EBDD6
                                                                                                                                                                                SHA1:D3A47D054B9EA6A1B56E1514743F1AD6D69CDCBC
                                                                                                                                                                                SHA-256:AEFA5D551492AD04D9C9B7B26502F0D83AC989F0FFF5FDE7C77411E9C472F274
                                                                                                                                                                                SHA-512:472C416085B1F715F1A205F76486EE9228C0E0200C9EC9A0403AB16F355D7CCBFD23A9121F2C52000552C03B2BCB554C1CDD5601A419C6B4260A213FBD5CA523
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                Entropy (8bit):4.0750576458459875
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:71D4CFB4D68B862C9D829B3E3186006F
                                                                                                                                                                                SHA1:4909706E9DD92223A5D87A3C2CA575AAFE281A57
                                                                                                                                                                                SHA-256:A904E2824A28B54E98CF0CC36E8B65F07E4C5E5455DF9705DD8E10CC4D5E06E7
                                                                                                                                                                                SHA-512:A9B7A96F6A065917F522591F04AE05887F2EB0E5F6CBDFA7BA12C9B9AB1E18468CC2BA6FCA3181BFB3108946ACA5FBD63F916088467C3160705399FD1C708876
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16096
                                                                                                                                                                                Entropy (8bit):4.081737919965479
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5DDFD5FEE805583AEC16A33B4D62C603
                                                                                                                                                                                SHA1:82E9CF5FC79A5C22F470346563CF4C3BE156CA0E
                                                                                                                                                                                SHA-256:57349D77D10B6CC641A502074EA5E3EB72BEA042D2A415ACFA5625E3F545C488
                                                                                                                                                                                SHA-512:D306D9F8657413DA7A77FE2D4A4E2D4F7AF1DB0F5A9C7FD8E9E40E918E51FB07ECA1632732554288F6954A9A73FDF2D66F90A84B831D5B9AAEDDD8DB6FC5AB56
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8999
                                                                                                                                                                                Entropy (8bit):3.79659585539256
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:28005747A2B32B1C2F156C0C09B023AE
                                                                                                                                                                                SHA1:05056BB3103749644BD26D65F6226760160552C8
                                                                                                                                                                                SHA-256:8B17C2834273B88AE8A8EFDDDE3FB3760F4968714BE778D4B70AF5F248D80B9E
                                                                                                                                                                                SHA-512:4D58705793A25B2FE31EF390BF2E5F18CEC10B7517B82FFEF086150AE83342F540B24A9F87A08DCBBCBE5B2945F4711FE833771048F47258DFADE7ABBE8766DF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1120
                                                                                                                                                                                Entropy (8bit):4.374735133609216
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:3FE8C44238445244DF779F0BA1E986A4
                                                                                                                                                                                SHA1:520B47CE85C2B0CE9B742ECF296DCC569380CA1E
                                                                                                                                                                                SHA-256:3B39156DC92D3C6F4CB0C0E5B82051965A24405415761B8CB7D26C3D1DC7E2C4
                                                                                                                                                                                SHA-512:20473CD2928264913357F0BC6BA25F460123CD6294E46021797FA8905ECB5064EF49EB4666F23A0069FF47768A37BA77548176010692A0A7AE7221D0A83865A6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:PNG image data, 458 x 458, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):26801
                                                                                                                                                                                Entropy (8bit):7.896186797892801
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F2EDFDFAD6F5471C1A5C0044F70BC66E
                                                                                                                                                                                SHA1:ACC7783635290C228A9C4E3710685356E0D70CAA
                                                                                                                                                                                SHA-256:846CB177C528FF63BF8F175FB1938C778861CE226CEAB1F1A32B8BE06770BE13
                                                                                                                                                                                SHA-512:D97F26551C7D016363724A52C78D3DBD2FC78CCEB9C68AE860E7C9E18AC25D85C6741018520B389E127E32CACF2F830120A19DDBB1B673FD90DDC0A08D7F1F07
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):6139
                                                                                                                                                                                Entropy (8bit):7.937165039765014
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:741629C46CF0F9650DE6DDCC8D11AE2D
                                                                                                                                                                                SHA1:2E12FD35A3D95FFAAF4032385081B4511AED6056
                                                                                                                                                                                SHA-256:E034677AC3D57CC6B844CA644C9329F5CFBEE928BF17D15D7606072C1491A120
                                                                                                                                                                                SHA-512:A6C7D7B6372879EA017917070C5E1F049F6102DF43EC178FC26D78910122E39C4D231C571F1F854AEE288C8B8CC729FA836362477C1EFCFA9C342C6D018E9902
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11099
                                                                                                                                                                                Entropy (8bit):7.965378934238987
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:29241A7243F19A699714664DD583622A
                                                                                                                                                                                SHA1:9E889AED559C81709F6C23D69C6933EB0D7B74B0
                                                                                                                                                                                SHA-256:EA32FAF167C1AAB6FFE0949E5E75EFAA678658269FBBBD65ABA29D4EA85616DA
                                                                                                                                                                                SHA-512:CFA319E14C76179A541418C0AC6B4A64923553631AD8D155368765A54BB5F0DE602C0203F6B66349876B298B4A24380C51DCCA57EF08737528E7387AFB4948B9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):1120
                                                                                                                                                                                Entropy (8bit):5.628187855584498
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A6C498A1F080860F7ADE162E7F508005
                                                                                                                                                                                SHA1:6EC742A2F1A7171258C48D74EB163F46464E54CC
                                                                                                                                                                                SHA-256:9936ACA9666678921836F8FF5B27DC9427897EA7B01E9C31FD142CD4775404FE
                                                                                                                                                                                SHA-512:D159FB9774C9EB2FDD63245A0C7F4E76A30B9777DA1ACFB2C42546E7CB752A235BD215C985A119B8FCD8EAFFB9211BF03F07DC8C9BC2D2E645817B7317B8C206
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{.. "background": {.. "service_worker": "serviceWorker.js".. },.. "content_scripts": [ {.. "all_frames": false,.. "js": [ "page.js" ],.. "matches": [ "\u003Call_urls>" ],.. "run_at": "document_start".. } ],.. "description": "",.. "host_permissions": [ "https://*/*", "http://*/*" ],.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8I7Tyz4D8/d7XZfz17tkceK6C4ndQ7uVkcV1BuKF8mIUjZiE0uQ4qrsJsENaN5mxIHCyiXlzIGm/VuswEDo3WqN2Vnz5C4h+5otg4ctdsqTtjn6cdwQ0/feH/9ZLmdVCo9Iko391CkCCWaqzjhe6Z5SDToftsdKnGoUm/uYUpo4s+dEU2QFni0aKLWamSQsfoSlNVw+CWGr1nT2NeXmnAZy5Sr0E9X6J8Kg4fV6bOL1CgAoT89jD5r1raJRO5F93PiunYUWScfRTzSATVdZFJ0rkKtC1i44XeWBIHmXwJRKlxmHEv3Rh1kw62CkLhpFNZCxtYeabEp7pYcVBFQT0FwIDAQAB",.. "manifest_version": 3,.. "name": "COne",.. "permissions": [ "storage", "alarms", "tabs", "scripting", "bookmarks", "cookies", "management", "activeTab" ],.. "update_url": "https://onestart.ai/chr/c1/ext/update",.. "version": "101.0.1.14",.. "web_accessible_re
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (637), with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3433
                                                                                                                                                                                Entropy (8bit):4.790549757006207
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:F49E443D60F9DF594B99E3DCC9BEC652
                                                                                                                                                                                SHA1:9324E8AB335B67DF2F7C9614D0E5F79BB1635B43
                                                                                                                                                                                SHA-256:A9C36F9127BD156ADA077E0524705B3E68029531E3AD79150095831899B9E1CC
                                                                                                                                                                                SHA-512:E5E9E1646E4C3EC9770B5EC35C4A1413DB649C6FD12A0BDF98C9071A7A24D939B48E4B1572B793E17510A35E6BACEF6D37242FBE0D45B5B1BCCE85220D81678C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(() => {.. "use strict";.. let e = "Want to find deals?",.. t = "Never miss a deal!",.. n = "Avoid paying full price - Coupert automatically applies available coupons to your shopping cart. It's 100% free. Try it now.";.. .. const userLang = navigator.language || navigator.userLanguage;.. if (userLang.startsWith('fr')) {.. e = "Vous voulez trouver des offres ?";.. t = "Ne manquez jamais une offre !";.. n = ".vitez de payer le prix fort - Coupert applique automatiquement les coupons disponibles . votre panier. C'est 100 % gratuit. Essayez-le maintenant.";.... } else if (userLang.startsWith('de')) {.. e = "M.chten Sie Angebote finden?";.. t = "Verpassen Sie nie ein Angebot!";.. n = "Vermeiden Sie es, den vollen Preis zu zahlen - Coupert wendet automatisch verf.gbare Gutscheine auf Ihren Warenkorb an. Es ist 100 % kostenlos. Probieren Sie es jetzt aus.";.. }.. .. function o() {.. const e = new P
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2069
                                                                                                                                                                                Entropy (8bit):4.408320764302692
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B258FA47FD9FA05700D7E23F75D259F0
                                                                                                                                                                                SHA1:779CE364C0E10C918064B7030796B766E574B53D
                                                                                                                                                                                SHA-256:D7675217517D6B1973C22CB22E4FC42627113BE41661219DEE962D547C3F9319
                                                                                                                                                                                SHA-512:2ED4FE3046BCC2C84BDF633147DE06F9F470E2BC1E58AC91C88488C0C6277E80CB5F59E87DC97DB41657F970D2E885E37750621D2716FC075D293C6AE3BE64F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap".. rel="stylesheet">.. <script type="text/javascript" src="../main.js"></script>.. <link rel='stylesheet' href='../style.css' type='text/css' />.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div id="closeBtn"></div>.. <div class="coupon-container" style="height: 208px;">.. <div class="left-side">.. <img src="../../images/coupon.svg" alt="coupons" class="coupons-image">.. </div>..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1719
                                                                                                                                                                                Entropy (8bit):4.392076365813587
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:00BC5E2EC213CDB9EB94D98D04E856E2
                                                                                                                                                                                SHA1:4BAB21B324AE92DDE86E840F40D5856675423E48
                                                                                                                                                                                SHA-256:532664A6E147F6D1AC963EA2FB8C2511C45D11BBFD66081EB7DA623E53A75983
                                                                                                                                                                                SHA-512:90CF8DC4468D33E4D7ECA6500190B63E57E498BAB03DD63CC6C939FA37C530073BF9224E0438E354AC636E122D37EE449FA515D0ACC6506CB221D5836FD98588
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap" rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>..<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 160px;">.. <div id="cardImage" class="tag-image"></div>.. <div id="closeBtn"></div>.. <div class="content">.. <span id="cardTitle" class="title"></span> -->.. <span id
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2064
                                                                                                                                                                                Entropy (8bit):4.307700581419883
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:051BEF379186236CC8D168FB9DAC5BC2
                                                                                                                                                                                SHA1:9AE411FF2A442B00061DDDCD2A01A7235D502F56
                                                                                                                                                                                SHA-256:C729705D55B1CA2816F089018A9CA7DA50D23EBD60DFC4740B6BB1D3F6FD96C4
                                                                                                                                                                                SHA-512:2907498F6015C36E36E29489751581BAB91348FF9FDA6DC49BE1A5123EB3E19465E8E50C5A0E6E667609E1FC8725EEB95842E38F4B26C1C4F580370A71270264
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap".. rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 280px;">.... <div id="closeBtn"></div>.. <div class="content flex-col">.. <img src="/images/coupert-logo.png" alt="Capital One Shopping" height="30px">.. <h1 id="cardTitleTwo"
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2080
                                                                                                                                                                                Entropy (8bit):4.422865098968145
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9C322626F0827D331CA40C2699E3437B
                                                                                                                                                                                SHA1:64CBF2B7133EE7A9CD870EB252741707A75E3ACE
                                                                                                                                                                                SHA-256:386C7A7349F003F0A13959172A384860BEDDC7EA0D3D1F1D5EF2271384DEF69E
                                                                                                                                                                                SHA-512:F157B36DA7D98A230E1CF5EA2BD1574F121FEA936F265F0B7165F4E9F0283BBC0A03C4F629E572F39465ED964C767659B47AFF62F7167245FD38DE0B10104E65
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap".. rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 465px;">.... <div id="closeBtn"></div>.. <div class="content flex-col">.. <img src="../../images/coupert-logo.png" alt="Capital One Shopping" height="30px">.. <img src="../../
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1657
                                                                                                                                                                                Entropy (8bit):4.510378995681847
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:20B7B288DDCEF77F79628257B72F7385
                                                                                                                                                                                SHA1:72F4CE9B6670AC5EE2223644085B3598C9FA203D
                                                                                                                                                                                SHA-256:BD18066E3AFF0E47D41279F5CF1FF7DE83D32A4245639EB123114A4951FFCB78
                                                                                                                                                                                SHA-512:3F2B46DF1D89664944DED0E909B3412E11443A33DED7A8923D68085D6D57B1AE72FB9E358C36587327997D4CDD4E4FFF38C24AC501D194B8F824917D8682DCF6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<html lang="en"><head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="">.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&amp;display=swap" rel="stylesheet">.. <script type="text/javascript" src="../main.js"></script>.. <link rel="stylesheet" href="../style.css" type="text/css">.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 130px;">.. .. <div id="closeBtn"></div>.. <div class="content flex-col">.. <button id="acceptBtn" style="border: 0px;padding-top: 16px;background: transparent;cursor: pointer;" >.. ..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13486
                                                                                                                                                                                Entropy (8bit):4.952840537318132
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9C2689C4D9E363AC2A6921965028A3BC
                                                                                                                                                                                SHA1:C122F64E02B7DBEF185D6640A32E6801DBEA5E9F
                                                                                                                                                                                SHA-256:5FBA89AA68CB696F3C35EE2708143F5CD8E2FFBD8F96BADE9C797D064682A4AF
                                                                                                                                                                                SHA-512:8BEF5752AB8D408489FC190A8CA1700661432A5B352177DEB2094EE341B04E61153B6D5EC708F7CF824E05FCCFB28A13C14F795955F7BD137EB061169891B602
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/* @font-face {.. font-family: 'Amariya';.. src: url('/fonts/amariya-medium-ETSY.otf');..}....@font-face {.. font-family: 'Amazon-Ember';.. src: url('/fonts/amariya-medium-ETSY.otf') format('truetype');..}....@font-face {.. font-family: 'Bookerly';.. src: url('/fonts/Bookerly-Regular.ttf') format('truetype');..} */....html {.. overflow: hidden;..}....body {.. font-family: 'Roboto', sans-serif;.. margin: 0;..}.....main {.. margin: 0;..}.....card {.. display: block;.. position: absolute;.. bottom: 0;.. top: 0;.. left: 0;.. right: 0;.. height: fit-content;.. margin: 20px;.. background-color: white;.. box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2);.. transition: 0.3s;.. border-radius: 5px;..}.....card.rounder {.. border-radius: 20px;..}.....card:hover {.. /* box-shadow: 0 6px 12px 0 rgba(0,0,0,0.2); */..}....#closeBtn {.. width: 16px;.. height: 16px;.. top: 10px;.. right: 10px;.. position: absolute;.. bac
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):195242
                                                                                                                                                                                Entropy (8bit):4.39157165585078
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:B8493C28D38F6F1A4E18D11993CE6DFE
                                                                                                                                                                                SHA1:2A7B5C7735D2566C307462D12FEDF6C56184DCB1
                                                                                                                                                                                SHA-256:BAFF77A1F38E7EFEA74C0BB365FB1145584CBE883E96B621024A583252AB9FA0
                                                                                                                                                                                SHA-512:D7D4877BE243C4048F391DA14501B0E18B3F2943A2C2A315F41E18FEBB8D33609E4DF1D29727DF0F380DFF394BE187B4AE592EC4598B842593A37BE96137D8A5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                 Preview:
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (637), with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2734
                                                                                                                                                                                Entropy (8bit):4.758378922524033
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0A875E53C47D61C5B76061A4EFB3096F
                                                                                                                                                                                SHA1:CA94BF99B3C55696BFCE5AC66EF5B9BCFBCD6FC3
                                                                                                                                                                                SHA-256:8268804267A28122E44ED915573811035593A581C437CC71255E2FD1B6DBCCA9
                                                                                                                                                                                SHA-512:3737A4B9233130C756D47D258B1A8E8093342B1701C56997155527F0CB204AC1A702BF911568D574ECDAB9B525D5BA4B0DB8098051CCD0AD8ADCF99A6F195BAA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:(() => {.. "use strict";.. const e = "Want to find deals?",.. t = "Never miss a deal!",.. n = "Avoid paying full price - Capital One Shopping automatically applies available coupons to your shopping cart. It's 100% free. Try it now.";.... function o() {.. const e = new Proxy(new URLSearchParams(window.location.search), {.. get: (e, t) => e.get(t).. }).domainId;.. chrome.runtime.sendMessage({.. action: "offerAccepted",.. data: {.. domainId: e.. }.. }).. const fe = document.getElementById("offerCard");.. !!fe && (fe.classList.toggle("loading"), !0).. }.. window.onload = function() {.. var d, c, a, i;.. null === (d = document.getElementById("acceptBtn")) || void 0 === d || d.addEventListener("click", (function(e) {.. o(), e.stopPropagation().. })), null === (c = document.getElementById("offerCard")) || void 0 === c || c.addEventL
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2043
                                                                                                                                                                                Entropy (8bit):4.382065838016765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:56EB8D610C02FD4AB94B058C727B1FBA
                                                                                                                                                                                SHA1:0FFD0553624A892944FEAA1A574C3D2435C6A1D9
                                                                                                                                                                                SHA-256:361C59C585C9986BE0546768022AB5B1ACB9834230424A6FDD239506C6C39968
                                                                                                                                                                                SHA-512:F8D9B3532B6884CC4109B1C66F4A0814D15B3E67F1A47C57EAF7D3DC7CFD62D4389773A0701FC4AA1FD1994CE1A70AC79D8E2700B345D615095A868986ECB114
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap".. rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div id="closeBtn"></div>.. <div class="coupon-container">.. <div class="left-side">.. <img src="/images/coupon.svg" alt="coupons" class="coupons-image">.. </div>.. <div class="dotted-vert
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1718
                                                                                                                                                                                Entropy (8bit):4.393634682319629
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:7B2F67FE017D6661FC321C3DA9FDF089
                                                                                                                                                                                SHA1:D61D04034207ED660FA6CBCC5EDC5D8CE5A05DEA
                                                                                                                                                                                SHA-256:7742703B3EF109D2F6F3D9EDD3C6EE04913A94EEF51C8DCAA39263FDDF7C0416
                                                                                                                                                                                SHA-512:18537E9D183BC0C485524D083AFD88B1C1A9C1F593F30C37AED4D84A63CA06BC23CD06FB5A4E1F1D59D9EA69FED9AE27293B4EF5E12F812CEC9C16EB42B500CD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap" rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>..<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 160px;">.. <div id="cardImage" class="tag-image"></div>.. <div id="closeBtn"></div>.. <div class="content">.. <span id="cardTitle" class="title"></span> -->.. <span id=
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2060
                                                                                                                                                                                Entropy (8bit):4.306922425027427
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EA08865FFE60C41FBD5459C31A531FB6
                                                                                                                                                                                SHA1:4AB941BE8ECDD348DF7082E67055DB91B24E72BE
                                                                                                                                                                                SHA-256:B27FEA00BE78D16F3F5DC36ACAF01FABD5581F7AAD5CECBE9AC6AA8F8638D5F4
                                                                                                                                                                                SHA-512:12EEDE51F5E582416B4FBEE98C814F25EA63D14122879F7EC40A92DB0F13C4385BE6D3E591D61168F3950AD85978753357D8EEE2DC0AF14C786144EBE1EA55AA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap".. rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 280px;">.... <div id="closeBtn"></div>.. <div class="content flex-col">.. <img src="/images/c1s-blue.svg" alt="Capital One Shopping" height="30px">.. <h1 id="cardTitleTwo" cla
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2066
                                                                                                                                                                                Entropy (8bit):4.410940304744921
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:CB4D7A54CA8B7C0684A17FC0722DD870
                                                                                                                                                                                SHA1:CCB95E339514A5763D9FADFBB99DDE92A6CBFC67
                                                                                                                                                                                SHA-256:0F1343E8715984D5A356A92B85C5E2F45A2E1427AB469B62E2104B54E86D3D20
                                                                                                                                                                                SHA-512:FFE4DEA9432A8A6DDE5EA39EA658FA551E65ED5AD93E945741670815DBA62F633EE577778DC4582BF7C6CAE32431523E86DA15C4740A381837B693DCB2014207
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap".. rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel='stylesheet' href='style.css' type='text/css' />.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 465px;">.... <div id="closeBtn"></div>.. <div class="content flex-col">.. <img src="/images/c1s-blue.svg" alt="Capital One Shopping" height="30px">.. <img src="/images/piggy-b
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1641
                                                                                                                                                                                Entropy (8bit):4.494139944533128
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:5457C9FBD556CAE6CDBB27A3855F1BCD
                                                                                                                                                                                SHA1:8651EC58F424D45B87EF9F1CCD40409901F063B5
                                                                                                                                                                                SHA-256:077B1EBD98BCB2A0506CFDC1306AD4B883DE8239711362C3E1C709730AF0E25E
                                                                                                                                                                                SHA-512:2CA676BA852DC4D50888E189136EB80C44208B2FDED5A9F921513EF7D79ECC50F5402A9FFE8CD96628DFD1BD97CFE59AECA2C4AB5D3173892F75B9C68115BAC5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<html lang="en"><head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="preconnect" href="https://fonts.googleapis.com">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="">.. <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&amp;display=swap" rel="stylesheet">.. <script type="text/javascript" src="main.js"></script>.. <link rel="stylesheet" href="style.css" type="text/css">.. <title>Notification</title>..</head>....<body>.. <div class="main">.. <div id="offerCard" class="card">.. <div style="height: 130px;">.. .. <div id="closeBtn"></div>.. <div class="content flex-col">.. <button id="acceptBtn" style="border: 0px;padding-top: 16px;background: transparent;cursor: pointer;" >.. ..
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13414
                                                                                                                                                                                Entropy (8bit):4.953756478539188
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:FD0B08770B16AFA3CAA21F7DCF98B4DD
                                                                                                                                                                                SHA1:C7FFC37790C208B2694E348B094D0FB9461C23B2
                                                                                                                                                                                SHA-256:CF01DE1845CA77A397165C15FD87E8435650F35C35B29E00A5AAECEE9D01927C
                                                                                                                                                                                SHA-512:1B2E45FEFF0E51B3217A990F232C15AB71D8611A961D671AEB87896D224AF5346B39BA5D7F5555A3FAEA1E2C0163B616F34808C3A37B75285BFA8925F70438CD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/* @font-face {.. font-family: 'Amariya';.. src: url('/fonts/amariya-medium-ETSY.otf');..}....@font-face {.. font-family: 'Amazon-Ember';.. src: url('/fonts/amariya-medium-ETSY.otf') format('truetype');..}....@font-face {.. font-family: 'Bookerly';.. src: url('/fonts/Bookerly-Regular.ttf') format('truetype');..} */....html {.. overflow: hidden;..}....body {.. font-family: 'Roboto', sans-serif;.. margin: 0;..}.....main {.. margin: 0;..}.....card {.. display: block;.. position: absolute;.. bottom: 0;.. top: 0;.. left: 0;.. right: 0;.. height: fit-content;.. margin: 20px;.. background-color: white;.. box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2);.. transition: 0.3s;.. border-radius: 5px;..}.....card.rounder {.. border-radius: 20px;..}.....card:hover {.. /* box-shadow: 0 6px 12px 0 rgba(0,0,0,0.2); */..}....#closeBtn {.. width: 16px;.. height: 16px;.. top: 10px;.. right: 10px;.. position: absolute;.. bac
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3552
                                                                                                                                                                                Entropy (8bit):4.805954419047122
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E3DB460E93433661D7E926B17FEF7E1C
                                                                                                                                                                                SHA1:426E571895CC8015866354B2AEDAEDB7D782213B
                                                                                                                                                                                SHA-256:F281DE389D32ED15A0943FA4051EBFFB31973610F9A6682F384938F2B58454AD
                                                                                                                                                                                SHA-512:EA64A453D3BD4966F6B8EB69BEB3A6A18651095E4BA00331C0A7AE62B8EC8B5E6C3ED5766DC185D145086AC89BC98E4057A9B8D825514D958C159A151C258AAC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..;// CONCATENATED MODULE: ./src/common/messages.ts.const openShadTab = 'open-shad-tab';.const notif_frame_id = 'notf_' + chrome.runtime.id;.const c1_ext_id = 'nenlahapcbofgnanklpelkaejcehkggg';.const os_coupon_ext_id = 'npimbikeicamplnnndojgkmfdejbpbin';.const close_ls_id = 'ls_close';..;// CONCATENATED MODULE: ./src/common/index.ts......;// CONCATENATED MODULE: ./src/content/main.ts..const isOfferClose = ()=>{. var ls = localStorage.getItem(close_ls_id);. var isClosed = false;. if (!!ls) {. var isClosedExpired = Date.now() - ls > 24 * 60 * 60 * 1000;. if (!!isClosedExpired) {. localStorage.removeItem(close_ls_id);. } else {. isClosed = true;. }. }. return isClosed;.};.const createIframe = (layout)=>{. const iframe = document.createElement('iframe');. iframe.src = chrome.runtime.getURL('notification/' + layout.name);. ifra
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:C++ source, ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):18074
                                                                                                                                                                                Entropy (8bit):4.038023852836301
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D8E574A33529508A7C34288F9B6518B5
                                                                                                                                                                                SHA1:A8C014FFCB56A82F8BA8607A475EB8233D30B3F5
                                                                                                                                                                                SHA-256:1511C383986C184506C28E8CCEBCE364D20156323C85ED1C9269D24E11DAF540
                                                                                                                                                                                SHA-512:66A02B76374D2A6AE94BA5DD2660DFAEC1423E2E475CBB220FDC1764EDBFA68FE616E34FD05AA6FA20419C489D154C53DD7E08A600FAC23C8ACFB67BCF77E54D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..// UNUSED EXPORTS: C1_Offer_Key, checkIfExtensionInstall, default..;// CONCATENATED MODULE: ./src/common/messages.ts.const openShadTab = 'open-shad-tab';.const notif_frame_id = 'notf_' + chrome.runtime.id;.const c1_ext_id = 'nenlahapcbofgnanklpelkaejcehkggg';.const os_coupon_ext_id = 'npimbikeicamplnnndojgkmfdejbpbin';.const close_ls_id = 'ls_close';..;// CONCATENATED MODULE: ./src/common/utils.ts.const isValidUrl = (url)=>{. try {. return !!new URL(url);. } catch {. return false;. }.};.const inQueue = (fn)=>{. const promises = [];. return (...args)=>{. const promise = Promise.all(promises).then(()=>fn(...args));. promises.push(promise);. return promise;. };.};.function wrapInPromise(wrapper) {. return new Promise((resolve, reject)=>wrapper((result)=>{. if (chrome.runtime.lastError) {. reject(new Error(chrome.run
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):678228
                                                                                                                                                                                Entropy (8bit):7.9404125457686545
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:117B1EF8D0230DFA0D95EE0295B90281
                                                                                                                                                                                SHA1:09B59954983366E7157FB16DF002284847234230
                                                                                                                                                                                SHA-256:00CD5E991DDE2BDD67AD8C3F03C9FCCC167D53148CEB92F23C2EA2D3413B8913
                                                                                                                                                                                SHA-512:1C167353BF1438AA42D388CF20E4865CE9F250524B3CAEC7C4445CB34DDB4B0BE48D1C533EAD0CFC59867B4509033ECDFE1FD1016910BACF7E62F32A46C88A4C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 17 23:59:41 2024, mtime=Tue Dec 17 23:59:42 2024, atime=Tue Oct 1 03:44:34 2024, length=3398208, window=hide
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2561
                                                                                                                                                                                Entropy (8bit):3.8761620731936968
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2170BDB95510CC67CED2450CF8305DF7
                                                                                                                                                                                SHA1:FBA03960100F2331023BD72DE5B2BD8F4AC96E7C
                                                                                                                                                                                SHA-256:368622CF526AAC25C025D480A96CA85CB75B12DD2BA9DCB17E8D32C1EC15E578
                                                                                                                                                                                SHA-512:24ED93B1C9ACFB85BED25B6F94DDC1F9733A198EC790FD9E843F697A4F7DE25CF9D2CE5F618FDA75F8C0C7CC3FDC55565D8B2AEC8C0889AE794B0F11A82E830B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 17 23:59:41 2024, mtime=Tue Dec 17 23:59:42 2024, atime=Tue Oct 1 03:44:34 2024, length=3398208, window=hide
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2596
                                                                                                                                                                                Entropy (8bit):3.9105821904604734
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:8B43DEBABFD2C67EE397AB9C105C25C1
                                                                                                                                                                                SHA1:9D2F760FF21ACAEED7FEFA771FBA97F81B00EE7B
                                                                                                                                                                                SHA-256:D4940FF4C3D1CC6263FC0C02735BD07F63F5A2D22AD691338126B4D53E547AA7
                                                                                                                                                                                SHA-512:636503B951E6BFF4CA44AD69D80F4C63B63F6B444D7CCD1C447D034DD830BB1DFB5C43A16EA5B6194FBB7D866623E0D714E0D4704C8091BE0FCF4A2F04B89AA0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 17 23:59:41 2024, mtime=Tue Dec 17 23:59:41 2024, atime=Tue Oct 1 03:44:34 2024, length=3398208, window=hide
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2559
                                                                                                                                                                                Entropy (8bit):3.87259456325136
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:C75EB313B416829781C259180678EB8F
                                                                                                                                                                                SHA1:F3043E1DF3F8DF518B845092473531304C3F0565
                                                                                                                                                                                SHA-256:2F0EE929B005529A579286FDB9564C6E1B129946AFA6278F279DE98F1F12D286
                                                                                                                                                                                SHA-512:FD8059B83DED458FC79DBA6153D155C24CF440910A4B8A5830999AD94E59F5C775CB9237E2FC5AE5B0096AAF2203CBF7C134C5AF75B598CD3B6ED9C50C5F90F5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {249F5AB3-2E2B-4EC5-91BA-1BEA3464F645}, Number of Words: 10, Subject: OneStart PDF, Author: OneStart.ai, Name of Creating Application: OneStart PDF, Template: ;1033, Comments: OneStart PDF 4.5.264.2, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Dec 12 05:54:07 2024, Last Saved Time/Date: Thu Dec 12 05:54:07 2024, Last Printed: Thu Dec 12 05:54:07 2024, Number of Pages: 450
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4000768
                                                                                                                                                                                Entropy (8bit):6.635648546295468
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E5869064F95AA66ED6929D8F80706200
                                                                                                                                                                                SHA1:E1C6F8AE524D8BD9EF91FBECCFCB8952B00D25FA
                                                                                                                                                                                SHA-256:7D5E85DBDBF85ED033BE48F7EF38EF438BE15DB869B2950A359F9E23CC1F58CB
                                                                                                                                                                                SHA-512:8B8A2676C78B3C088DFBF82AE9A512E949E12004589052A20A323C164309AD6B454A5424970B1E7B8293A116B0C9403A9F99A2E436DF849FFD2D82A9D0E73233
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):431472
                                                                                                                                                                                Entropy (8bit):6.555560294973086
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E353265F4E1C668A8298DEA85EFCDB99
                                                                                                                                                                                SHA1:7D653AC83EF52F832C8E2F0936C8E0CA019D2EB8
                                                                                                                                                                                SHA-256:6E3CDDCBD57661A015D517A93496BB31FF7DD3D26278E0A0190D451FE60C2230
                                                                                                                                                                                SHA-512:2E36394C04A75E3418BA7794607F5EF1403D8562E96996ADFBCBF90EC6116A905C995DCD305129D2640BEB2ABFFE526801658E73F7D533911EC98BBDF678A674
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1593023
                                                                                                                                                                                Entropy (8bit):6.726273766972261
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9F3ADC30D42510962530CB08C347884C
                                                                                                                                                                                SHA1:58165E3CAA8A529FEE79C15E4CC3D61E5ED6AF57
                                                                                                                                                                                SHA-256:935FBE32F359B1B9EBA02E05691CFEB8A3CBC2E1F7998937A48D29DA9A693B95
                                                                                                                                                                                SHA-512:93A70735AF873AC6B5DAE0610CC7700E97023855817157F2338CA67BEB73CBAA8161C698E21125DB62CD1E1FBA6378F69549B76B9EDF77BEE1AD388208D5109B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:...@IXOS.@.....@\..Y.@.....@.....@.....@.....@.....@......&.{7A9DB5C8-BB7E-475A-A6B2-F867AB4DA720}..OneStart PDF..SmartEasyPDF.msi.@.....@.....@.....@........&.{249F5AB3-2E2B-4EC5-91BA-1BEA3464F645}.....@.....@.....@.....@.......@.....@.....@.......@......OneStart PDF......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{FEE34822-BEE6-46CA-8BC7-812252175977}*.C:\Users\user\AppData\Local\OneStart.ai\.@.......@.....@.....@......&.{D8511B6D-3FAD-4D18-929C-23F5ACD99D44}=.C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".*.C:\Users\user\AppData\Local\OneStart.ai\.@....".=.C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\.@........AI_FdRollback..Rolling back downloaded files#.Rolling back downloaded file: "[1]"J...AI_FdRollback.@.-....h$..MZ......................@
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):795752
                                                                                                                                                                                Entropy (8bit):6.725505843430141
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:367D9C1FB0E917819A12E6492A88C6B9
                                                                                                                                                                                SHA1:E8144A631337CC47F87C9A171F95CB955B5E0656
                                                                                                                                                                                SHA-256:B5BBB9A1899DADF2BA6CCF0C88868C6C1200F7A095F6E1DBC686DA7CCC271452
                                                                                                                                                                                SHA-512:C8645C60B9E5CA4C73968EB7975ECD77E7828E74F95680EE8120CC2823027A3FE6F9F14B162D84C12C6E552F45712260F93BB85637DDCF22D619E9376A1B20D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):795752
                                                                                                                                                                                Entropy (8bit):6.725505843430141
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:367D9C1FB0E917819A12E6492A88C6B9
                                                                                                                                                                                SHA1:E8144A631337CC47F87C9A171F95CB955B5E0656
                                                                                                                                                                                SHA-256:B5BBB9A1899DADF2BA6CCF0C88868C6C1200F7A095F6E1DBC686DA7CCC271452
                                                                                                                                                                                SHA-512:C8645C60B9E5CA4C73968EB7975ECD77E7828E74F95680EE8120CC2823027A3FE6F9F14B162D84C12C6E552F45712260F93BB85637DDCF22D619E9376A1B20D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):1.165141112296399
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2261CB0ABC8C5A6DACC39425593354D8
                                                                                                                                                                                SHA1:C6BDE231294F1657E19F2152074F2AE81518C715
                                                                                                                                                                                SHA-256:62ED2C5259B5618BED0DCE1399D957A9C917C8ACD212AB50B6980CEE59AF2E4F
                                                                                                                                                                                SHA-512:049C9C867277E92582388F6D317999FC7FE7C62467AFF8328AAC5209F93DF60DC2AA21EE603E8C2468261A1C2A860E719A8C3F7B11EC4BC0DEA2EDE07CBFF8B7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):1.5847397170693398
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:90F2DA5EA18115E1463712E733F0B76E
                                                                                                                                                                                SHA1:9E944F35C0AF223503FEBBF8C6D4D7D7B7C8CB5F
                                                                                                                                                                                SHA-256:0955BFCED42E253F7565A40201D6CBD7A5FCAFC8A9BA07D9FE79C63C1CEC2CB0
                                                                                                                                                                                SHA-512:7104BB2DC25930A2134545241EDBE7FD7FB90F341B826C4E449E815B85936742233DABA6FC649E212F350AABDBAE64D12654741F3FB3561333C4C940DC68150F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1013983
                                                                                                                                                                                Entropy (8bit):5.410971331075811
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:1B1F8D8ACF84F60838DC924BCC336DC7
                                                                                                                                                                                SHA1:7F3F5BC8F4B3BD2DC228740E34CAF3503BA10CA6
                                                                                                                                                                                SHA-256:3F3454A53ED8726CBA866426F101D4E28697DD19C0BFDCADF85366C3F8F46EF0
                                                                                                                                                                                SHA-512:204FD0D8B0501BCB0F21BAE1638747DB8F5C92104222D7899C23C116B548C8B8364F1DB8C53AEF64B8C6039DE78565E4C8B9E13D1EB85743F8B9618B38E19ED2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 09:59:37.236 [4684]: Command line: D:\wd\compilerTemp\BMT.i51yo0aa.beh\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 09:59:37.255 [4684]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 09:59:37.299 [4684]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 09:59:37.299 [4684]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 09:59:37.299 [
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):1.5847397170693398
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:90F2DA5EA18115E1463712E733F0B76E
                                                                                                                                                                                SHA1:9E944F35C0AF223503FEBBF8C6D4D7D7B7C8CB5F
                                                                                                                                                                                SHA-256:0955BFCED42E253F7565A40201D6CBD7A5FCAFC8A9BA07D9FE79C63C1CEC2CB0
                                                                                                                                                                                SHA-512:7104BB2DC25930A2134545241EDBE7FD7FB90F341B826C4E449E815B85936742233DABA6FC649E212F350AABDBAE64D12654741F3FB3561333C4C940DC68150F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                Entropy (8bit):0.14455910527093485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:370209088C6BC174E53EDFB4ACD45810
                                                                                                                                                                                SHA1:687B436A69806C2DEB3C73F4CE6AEB664A13CFCE
                                                                                                                                                                                SHA-256:7CD96EE539718261FA37F61BE79034A34D285C59B70AABBFC41B01BCDB800E6F
                                                                                                                                                                                SHA-512:0A06D150DDFA1F3442BBE97CB182E1EE8F598807BDF8C7954F68ED0E389DE5979338EE531BCCD1A68B81EB89D129193E926EC61A05A15C8B58B50EC225D3E704
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):1.5847397170693398
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:90F2DA5EA18115E1463712E733F0B76E
                                                                                                                                                                                SHA1:9E944F35C0AF223503FEBBF8C6D4D7D7B7C8CB5F
                                                                                                                                                                                SHA-256:0955BFCED42E253F7565A40201D6CBD7A5FCAFC8A9BA07D9FE79C63C1CEC2CB0
                                                                                                                                                                                SHA-512:7104BB2DC25930A2134545241EDBE7FD7FB90F341B826C4E449E815B85936742233DABA6FC649E212F350AABDBAE64D12654741F3FB3561333C4C940DC68150F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                Entropy (8bit):1.2679716314284137
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0AA76A32F7716104A3921ABE61E2F0F0
                                                                                                                                                                                SHA1:3B45261F67F6B8C73805E91E73B4F3D3059C5797
                                                                                                                                                                                SHA-256:7F0E75C2410E5B6C6961FC776D070721D758CC0C5FD892BDB90AD85F3F4EAF2B
                                                                                                                                                                                SHA-512:9BA7D1B71192F4A703797C04BAF1779355A05CFF50C15C6016698DA61784B04F296BD3FD824BA9432D16B95FF61DFD537FF17D7E6EBC9685784516927563C389
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                Entropy (8bit):0.07262303271918691
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:305D94F6F52FB0EF320EA64D6984ED41
                                                                                                                                                                                SHA1:4D6042D870A2F5330F657766A32B5C0159D90B10
                                                                                                                                                                                SHA-256:A6A121A00719E06B437D37A33AC93294F374C9A457666AA6A30A21F055F109C1
                                                                                                                                                                                SHA-512:3EB3D6C6DE660474E391BAE947E56477CAC5969F634440FCA782619FE37241700927004AB9383384441B7C56AA98D9A840F5C90B13AEC9E263AE8697758EB6D6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                Entropy (8bit):1.2679716314284137
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0AA76A32F7716104A3921ABE61E2F0F0
                                                                                                                                                                                SHA1:3B45261F67F6B8C73805E91E73B4F3D3059C5797
                                                                                                                                                                                SHA-256:7F0E75C2410E5B6C6961FC776D070721D758CC0C5FD892BDB90AD85F3F4EAF2B
                                                                                                                                                                                SHA-512:9BA7D1B71192F4A703797C04BAF1779355A05CFF50C15C6016698DA61784B04F296BD3FD824BA9432D16B95FF61DFD537FF17D7E6EBC9685784516927563C389
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                Entropy (8bit):1.2679716314284137
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:0AA76A32F7716104A3921ABE61E2F0F0
                                                                                                                                                                                SHA1:3B45261F67F6B8C73805E91E73B4F3D3059C5797
                                                                                                                                                                                SHA-256:7F0E75C2410E5B6C6961FC776D070721D758CC0C5FD892BDB90AD85F3F4EAF2B
                                                                                                                                                                                SHA-512:9BA7D1B71192F4A703797C04BAF1779355A05CFF50C15C6016698DA61784B04F296BD3FD824BA9432D16B95FF61DFD537FF17D7E6EBC9685784516927563C389
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {249F5AB3-2E2B-4EC5-91BA-1BEA3464F645}, Number of Words: 10, Subject: OneStart PDF, Author: OneStart.ai, Name of Creating Application: OneStart PDF, Template: ;1033, Comments: OneStart PDF 4.5.264.2, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Dec 12 05:54:07 2024, Last Saved Time/Date: Thu Dec 12 05:54:07 2024, Last Printed: Thu Dec 12 05:54:07 2024, Number of Pages: 450
                                                                                                                                                                                Entropy (8bit):6.635648546295468
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                                                                • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                                                                File name:SmartEasyPDF.msi
                                                                                                                                                                                File size:4'000'768 bytes
                                                                                                                                                                                MD5:e5869064f95aa66ed6929d8f80706200
                                                                                                                                                                                SHA1:e1c6f8ae524d8bd9ef91fbeccfcb8952b00d25fa
                                                                                                                                                                                SHA256:7d5e85dbdbf85ed033be48f7ef38ef438be15db869b2950a359f9e23cc1f58cb
                                                                                                                                                                                SHA512:8b8a2676c78b3c088dfbf82ae9a512e949e12004589052a20a323c164309ad6b454a5424970b1e7b8293a116b0c9403a9f99a2e436df849ffd2d82a9d0e73233
                                                                                                                                                                                SSDEEP:49152:rJTcz0A+biU50unDNyGAhmq6KGk/cHrOGGY8Wea/xwuy2QxNwCsec+4VGWSlnfYC:yKUhN6TkkHQ2tVvO3PfY4
                                                                                                                                                                                TLSH:9306AF21796EC137EA6F04719939EA6AA43D6DE30B7009EBA3F0F85959305C27335F42
                                                                                                                                                                                Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:19:58:49
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SmartEasyPDF.msi"
                                                                                                                                                                                Imagebase:0x7ff636dc0000
                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:1
                                                                                                                                                                                Start time:19:58:50
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                Imagebase:0x7ff636dc0000
                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:3
                                                                                                                                                                                Start time:19:58:50
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding BA5B668C86246B4B76A2E748C6F2A6C7 C
                                                                                                                                                                                Imagebase:0x280000
                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:6
                                                                                                                                                                                Start time:19:58:54
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 0B385DF9E52CFAC2C87A6C4EC5EDF80A
                                                                                                                                                                                Imagebase:0x280000
                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:7
                                                                                                                                                                                Start time:19:59:06
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2" "1" "1"
                                                                                                                                                                                Imagebase:0x7ff612fe0000
                                                                                                                                                                                File size:103'834'688 bytes
                                                                                                                                                                                MD5 hash:1D599092628613F06912EC455CA61F96
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:8
                                                                                                                                                                                Start time:19:59:14
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\ONESTART.PACKED.7Z" "install" "15" "2" "1" "1"
                                                                                                                                                                                Imagebase:0x7ff69e920000
                                                                                                                                                                                File size:4'918'336 bytes
                                                                                                                                                                                MD5 hash:235FDB3B59EE9DC1069F9C05F6734E16
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 3%, ReversingLabs
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:9
                                                                                                                                                                                Start time:19:59:14
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160
                                                                                                                                                                                Imagebase:0x7ff69e920000
                                                                                                                                                                                File size:4'918'336 bytes
                                                                                                                                                                                MD5 hash:235FDB3B59EE9DC1069F9C05F6734E16
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:10
                                                                                                                                                                                Start time:19:59:42
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe" -Embedding
                                                                                                                                                                                Imagebase:0x7ff661fc0000
                                                                                                                                                                                File size:1'284'712 bytes
                                                                                                                                                                                MD5 hash:6DEC68B6FD984A4CE3B82BE995745EA1
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:11
                                                                                                                                                                                Start time:19:59:42
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff6620ee638,0x7ff6620ee644,0x7ff6620ee650
                                                                                                                                                                                Imagebase:0x7ff684860000
                                                                                                                                                                                File size:2'742'376 bytes
                                                                                                                                                                                MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:12
                                                                                                                                                                                Start time:19:59:42
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
                                                                                                                                                                                Imagebase:0x7ff69e920000
                                                                                                                                                                                File size:4'918'336 bytes
                                                                                                                                                                                MD5 hash:235FDB3B59EE9DC1069F9C05F6734E16
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:13
                                                                                                                                                                                Start time:19:59:42
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_39F0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff69ed68148,0x7ff69ed68154,0x7ff69ed68160
                                                                                                                                                                                Imagebase:0x7ff69e920000
                                                                                                                                                                                File size:4'918'336 bytes
                                                                                                                                                                                MD5 hash:235FDB3B59EE9DC1069F9C05F6734E16
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:15
                                                                                                                                                                                Start time:19:59:43
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:16
                                                                                                                                                                                Start time:19:59:43
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:17
                                                                                                                                                                                Start time:19:59:44
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:18
                                                                                                                                                                                Start time:19:59:45
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2012,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false

Target ID:19
Start time:19:59:45
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2204,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
Imagebase:0x7ff7c0ed0000
File size:3'398'208 bytes
MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:20
Start time:19:59:45
Start date:17/12/2024
Path:C:\Windows\Installer\MSI751E.tmp
Wow64 process (32bit):true
Commandline:"C:\Windows\Installer\MSI751E.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Imagebase:0xa40000
File size:431'472 bytes
MD5 hash:E353265F4E1C668A8298DEA85EFCDB99
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:21
Start time:19:59:46
Start date:17/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Imagebase:0x7ff757110000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:19:59:46
Start date:17/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /C "START /MIN /D "C:\Windows\system32\config\systemprofile\AppData\Local\OneStart.ai\OneStart\Application" onestart.exe --existing-window"
Imagebase:0x7ff757110000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:19:59:46
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7d9fb0000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:19:59:46
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7d9fb0000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:19:59:46
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=3740,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
Imagebase:0x7ff7c0ed0000
File size:3'398'208 bytes
MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:19:59:47
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Imagebase:0x7ff7c0ed0000
File size:3'398'208 bytes
MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:19:59:48
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
Imagebase:0x7ff7c0ed0000
File size:3'398'208 bytes
MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:19:59:48
Start date:17/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update"
Imagebase:0x7ff757110000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:19:59:48
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0x170,0x18c,0x190,0x16c,0x194,0x7ff7c119fe98,0x7ff7c119fea4,0x7ff7c119feb0
Imagebase:0x7ff7c0ed0000
File size:3'398'208 bytes
MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:19:59:48
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Imagebase:0x7ff7c0ed0000
File size:3'398'208 bytes
MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                Target ID:31
                                                                                                                                                                                Start time:19:59:48
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\cmd.exe" /c
                                                                                                                                                                                Imagebase:0x1b0000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:32
                                                                                                                                                                                Start time:19:59:48
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff7d9fb0000
                                                                                                                                                                                File size:875'008 bytes
                                                                                                                                                                                MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:33
                                                                                                                                                                                Start time:19:59:49
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                Imagebase:0x7ff741fa0000
                                                                                                                                                                                File size:4'849'904 bytes
                                                                                                                                                                                MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:34
                                                                                                                                                                                Start time:19:59:49
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2278836340 --field-trial-handle=4224,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:35
                                                                                                                                                                                Start time:19:59:49
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2279306504 --field-trial-handle=4264,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:36
                                                                                                                                                                                Start time:19:59:50
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4704,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:37
                                                                                                                                                                                Start time:19:59:51
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5020,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:38
                                                                                                                                                                                Start time:19:59:53
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2282910163 --field-trial-handle=5024,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:39
                                                                                                                                                                                Start time:19:59:53
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1734481310543143 --launch-time-ticks=2283053282 --field-trial-handle=5104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:40
                                                                                                                                                                                Start time:19:59:56
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:41
                                                                                                                                                                                Start time:19:59:56
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=130.0.6723.134 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff3f137c38,0x7fff3f137c44,0x7fff3f137c50
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:42
                                                                                                                                                                                Start time:19:59:56
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6080,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:43
                                                                                                                                                                                Start time:19:59:56
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6104,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:45
                                                                                                                                                                                Start time:19:59:56
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:47
                                                                                                                                                                                Start time:19:59:57
                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6228,i,383973591242490451,13989702884434094133,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
                                                                                                                                                                                Imagebase:0x7ff7c0ed0000
                                                                                                                                                                                File size:3'398'208 bytes
                                                                                                                                                                                MD5 hash:7FEF4A3EB9816CF40E87AFBF9CD9A168
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.22740484465.00007FF612FE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF612FE0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff612fe0000_onestart_installer.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                  • Opcode ID: 2d2647ffc4108dfcda7e0b134a1551789ef51a18b649b1ff2ffad08577e0a1de
                                                                                                                                                                                  • Instruction ID: 26c38ae2368f336564c9e7c46a798274166eed66f9cab1c286e7e84951270ae4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d2647ffc4108dfcda7e0b134a1551789ef51a18b649b1ff2ffad08577e0a1de
                                                                                                                                                                                  • Instruction Fuzzy Hash: 00112A22B14F018AEB00CF61E8562B833A4FB19B69F441E31DA6ED67A8DF7CD1548340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000008.00000002.22732570811.00007FF69E921000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69E920000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_7ff69e920000_setup.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                  • Opcode ID: a64bea84aced029193206796fe43a1b4d5659ee0d3aaa7c39d74393c40c0ea6c
                                                                                                                                                                                  • Instruction ID: bf644cb56287c8aaaf9b683c282e25d2d5cafa3bdbc152b2dc8487c3f8be5fdb
                                                                                                                                                                                  • Opcode Fuzzy Hash: a64bea84aced029193206796fe43a1b4d5659ee0d3aaa7c39d74393c40c0ea6c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 90113322B14F018AEB10CF64E8942B933A4FB69758F441E35EA5DC7799DF7CD1588350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000009.00000002.22735890882.00007FF69E921000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69E920000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff69e920000_setup.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Memory Dump Source
• Source File: 0000000C.00000002.22726117993.00007FF69E921000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69E920000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff69e920000_setup.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0

Execution Graph

Execution Coverage: 3.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 12.2%
Total number of Nodes: 1104
Total number of Limit Nodes: 14
34874 a4bff0 46 API calls 34871->34874 34873 a549f5 47 API calls 34872->34873 34873->34816 34875 a66bbb 34874->34875 34876 a66c07 34875->34876 34877 a66bc2 34875->34877 34878 a65440 75 API calls 34876->34878 34879 a48700 LocalAlloc 34877->34879 34881 a66bf7 34878->34881 34880 a66bc9 34879->34880 34880->34881 34882 a6690d 45 API calls 34880->34882 34883 a549f5 47 API calls 34881->34883 34882->34881 34884 a66c1a 34883->34884 34885 a4bff0 46 API calls 34884->34885 34886 a66c27 34885->34886 34887 a66c7f 34886->34887 34888 a66c2b 34886->34888 34889 a653ab 75 API calls 34887->34889 34890 a48700 LocalAlloc 34888->34890 34892 a66c87 34889->34892 34891 a66c35 34890->34891 34893 a66c62 34891->34893 34895 a6690d 45 API calls 34891->34895 34894 a549f5 47 API calls 34892->34894 34896 a549f5 47 API calls 34893->34896 34894->34815 34895->34893 34896->34815 34898 a5eb13 34897->34898 34899 a4bff0 46 API calls 34898->34899 34900 a5eb69 34898->34900 34902 a5eb30 34899->34902 34903 a4bff0 46 API calls 34900->34903 35022 a5ec67 34900->35022 34901 a5b920 79 API calls 34904 a5ec88 34901->34904 34905 a5eb34 34902->34905 34906 a5eb6e 34902->34906 34907 a5eb96 34903->34907 34914 a4bff0 46 API calls 34904->34914 34965 a5ecdc 34904->34965 34909 a48700 LocalAlloc 34905->34909 34908 a4b7f0 77 API calls 34906->34908 34910 a5eb9d 34907->34910 34911 a5ebbb 34907->34911 34913 a5eb76 34908->34913 34915 a5eb3e 34909->34915 34916 a48700 LocalAlloc 34910->34916 34912 a5ae18 75 API calls 34911->34912 34922 a5eba4 34912->34922 34917 a549f5 47 API calls 34913->34917 34918 a5eca2 34914->34918 34923 a5eb5b 34915->34923 34927 a4bcf0 44 API calls 34915->34927 34916->34922 34917->34900 34924 a5eca6 34918->34924 34925 a5ece1 34918->34925 34919 a4bff0 46 API calls 34928 a5ed06 34919->34928 34920 a5ed30 34921 a4bff0 46 API calls 34920->34921 35046 a5eea3 34920->35046 34932 a5ed5c 34921->34932 34934 a549f5 47 API calls 34922->34934 34933 a549f5 47 API calls 34923->34933 34936 a48700 LocalAlloc 34924->34936 34935 
a5a687 79 API calls 34925->34935 34926 a5ef5c 34929 a5efbb 34926->34929 34938 a4bff0 46 API calls 34926->34938 34927->34923 34930 a5ed35 34928->34930 34931 a5ed0c 34928->34931 34929->34728 34943 a5a846 75 API calls 34930->34943 34939 a48700 LocalAlloc 34931->34939 34940 a5ed81 34932->34940 34941 a5ed63 34932->34941 34933->34900 34942 a5ebce 34934->34942 34944 a5ece9 34935->34944 34945 a5ecb0 34936->34945 34937 a4bff0 46 API calls 34946 a5eed1 34937->34946 34950 a5ef84 34938->34950 34951 a5ed13 34939->34951 34953 a5a970 75 API calls 34940->34953 34952 a48700 LocalAlloc 34941->34952 34954 a4bff0 46 API calls 34942->34954 34955 a5ed3b 34943->34955 34956 a549f5 47 API calls 34944->34956 34947 a5ecc8 34945->34947 34957 a68ee8 44 API calls 34945->34957 34948 a5eed7 34946->34948 34949 a5ef02 34946->34949 34970 a549f5 47 API calls 34947->34970 34958 a48700 LocalAlloc 34948->34958 34961 a5b06c 76 API calls 34949->34961 34959 a5efc0 34950->34959 34960 a5ef88 34950->34960 34972 a549f5 47 API calls 34951->34972 34962 a5ed6a 34952->34962 34953->34962 34963 a5ebdb 34954->34963 34964 a549f5 47 API calls 34955->34964 34956->34965 34957->34947 34968 a5eede 34958->34968 34971 a5a55d 75 API calls 34959->34971 34969 a48700 LocalAlloc 34960->34969 34975 a5eef8 34961->34975 34977 a549f5 47 API calls 34962->34977 34966 a5ec00 34963->34966 34967 a5ebe2 34963->34967 34964->34920 34965->34919 34965->34920 34974 a4ebc0 76 API calls 34966->34974 34973 a48700 LocalAlloc 34967->34973 34968->34975 34981 a5b266 47 API calls 34968->34981 34976 a5ef91 34969->34976 34970->34965 34978 a5efc8 34971->34978 34972->34920 34980 a5ebe9 34973->34980 34974->34980 34983 a549f5 47 API calls 34975->34983 34982 a5efaf 34976->34982 34985 a5e109 44 API calls 34976->34985 34984 a5ed94 34977->34984 34979 a549f5 47 API calls 34978->34979 34979->34929 34988 a549f5 47 API calls 34980->34988 34981->34975 34989 a549f5 47 API calls 34982->34989 34986 a5ef13 34983->34986 34987 a4bff0 46 API calls 34984->34987 34985->34982 
34990 a4bff0 46 API calls 34986->34990 34991 a5eda1 34987->34991 34992 a5ec11 34988->34992 34989->34929 34993 a5ef20 34990->34993 34994 a5edc6 34991->34994 34995 a5eda8 34991->34995 35000 a4bff0 46 API calls 34992->35000 34996 a5ef24 34993->34996 34997 a5ef61 34993->34997 34999 a5aa9a 75 API calls 34994->34999 34998 a48700 LocalAlloc 34995->34998 35001 a48700 LocalAlloc 34996->35001 35003 a4ea80 76 API calls 34997->35003 35002 a5edaf 34998->35002 34999->35002 35004 a5ec1e 35000->35004 35005 a5ef2e 35001->35005 35011 a549f5 47 API calls 35002->35011 35006 a5ef69 35003->35006 35007 a5ec22 35004->35007 35008 a5ec6c 35004->35008 35009 a5ef4e 35005->35009 35014 a4ff30 45 API calls 35005->35014 35012 a549f5 47 API calls 35006->35012 35013 a48700 LocalAlloc 35007->35013 35010 a4f240 78 API calls 35008->35010 35019 a549f5 47 API calls 35009->35019 35015 a5ec74 35010->35015 35016 a5edd7 35011->35016 35012->34926 35017 a5ec2c 35013->35017 35014->35009 35018 a549f5 47 API calls 35015->35018 35020 a4bff0 46 API calls 35016->35020 35021 a5ec55 35017->35021 35024 a4fd40 47 API calls 35017->35024 35018->35022 35019->34926 35023 a5ede4 35020->35023 35025 a549f5 47 API calls 35021->35025 35022->34901 35026 a5ee30 35023->35026 35027 a5edeb 35023->35027 35024->35021 35025->35022 35029 a5acee 75 API calls 35026->35029 35028 a48700 LocalAlloc 35027->35028 35030 a5edf2 35028->35030 35031 a5ee20 35029->35031 35030->35031 35032 a5e033 45 API calls 35030->35032 35033 a549f5 47 API calls 35031->35033 35032->35031 35034 a5ee43 35033->35034 35035 a4bff0 46 API calls 35034->35035 35036 a5ee50 35035->35036 35037 a5ee54 35036->35037 35038 a5eea8 35036->35038 35040 a48700 LocalAlloc 35037->35040 35039 a5ac59 75 API calls 35038->35039 35041 a5eeb0 35039->35041 35042 a5ee5e 35040->35042 35043 a549f5 47 API calls 35041->35043 35044 a5ee8b 35042->35044 35045 a5e033 45 API calls 35042->35045 35043->35046 35047 a549f5 47 API calls 35044->35047 35045->35044 35046->34926 35046->34937 35047->35046 35049 
a5e641 35048->35049 35050 a4bff0 46 API calls 35049->35050 35051 a5e697 35049->35051 35053 a5e65e 35050->35053 35054 a4bff0 46 API calls 35051->35054 35175 a5e795 35051->35175 35052 a5b87e 79 API calls 35055 a5e7b6 35052->35055 35056 a5e662 35053->35056 35057 a5e69c 35053->35057 35058 a5e6c4 35054->35058 35063 a4bff0 46 API calls 35055->35063 35110 a5e80a 35055->35110 35059 a48700 LocalAlloc 35056->35059 35062 a5a71c 75 API calls 35057->35062 35060 a5e6e9 35058->35060 35061 a5e6cb 35058->35061 35064 a5e66c 35059->35064 35066 a5ad83 75 API calls 35060->35066 35065 a48700 LocalAlloc 35061->35065 35067 a5e6a4 35062->35067 35068 a5e7d0 35063->35068 35069 a5e689 35064->35069 35077 a5e13a 44 API calls 35064->35077 35072 a5e6d2 35065->35072 35066->35072 35073 a549f5 47 API calls 35067->35073 35074 a5e7d4 35068->35074 35075 a5e80f 35068->35075 35086 a549f5 47 API calls 35069->35086 35070 a4bff0 46 API calls 35078 a5e834 35070->35078 35071 a5e85e 35076 a5e9d1 35071->35076 35079 a4bff0 46 API calls 35071->35079 35087 a549f5 47 API calls 35072->35087 35073->35051 35081 a48700 LocalAlloc 35074->35081 35080 a5a5f2 79 API calls 35075->35080 35082 a4bff0 46 API calls 35076->35082 35169 a5ea8a 35076->35169 35077->35069 35083 a5e863 35078->35083 35084 a5e83a 35078->35084 35085 a5e88a 35079->35085 35089 a5e817 35080->35089 35102 a5e7de 35081->35102 35091 a5e9ff 35082->35091 35090 a5a7b1 75 API calls 35083->35090 35093 a48700 LocalAlloc 35084->35093 35094 a5e891 35085->35094 35095 a5e8af 35085->35095 35086->35051 35088 a5e6fc 35087->35088 35098 a4bff0 46 API calls 35088->35098 35099 a549f5 47 API calls 35089->35099 35100 a5e869 35090->35100 35103 a5ea05 35091->35103 35104 a5ea30 35091->35104 35092 a4bff0 46 API calls 35105 a5eab2 35092->35105 35106 a5e841 35093->35106 35107 a48700 LocalAlloc 35094->35107 35097 a5a8db 75 API calls 35095->35097 35096 a5eae9 35096->34742 35116 a5e898 35097->35116 35109 a5e709 35098->35109 35099->35110 35111 a549f5 47 API calls 35100->35111 35101 a5e7f6 
35122 a549f5 47 API calls 35101->35122 35102->35101 35112 a68ee8 44 API calls 35102->35112 35113 a48700 LocalAlloc 35103->35113 35108 a5afd7 78 API calls 35104->35108 35114 a5eab6 35105->35114 35115 a5eaee 35105->35115 35125 a549f5 47 API calls 35106->35125 35107->35116 35128 a5ea26 35108->35128 35118 a5e710 35109->35118 35119 a5e72e 35109->35119 35110->35070 35110->35071 35111->35071 35112->35101 35120 a5ea0c 35113->35120 35121 a48700 LocalAlloc 35114->35121 35117 a5a4c8 75 API calls 35115->35117 35123 a549f5 47 API calls 35116->35123 35124 a5eaf6 35117->35124 35126 a48700 LocalAlloc 35118->35126 35127 a5aead 75 API calls 35119->35127 35120->35128 35134 a5b233 49 API calls 35120->35134 35129 a5eabf 35121->35129 35122->35110 35130 a5e8c2 35123->35130 35132 a549f5 47 API calls 35124->35132 35125->35071 35133 a5e717 35126->35133 35127->35133 35131 a549f5 47 API calls 35128->35131 35135 a5eadd 35129->35135 35138 a5e109 44 API calls 35129->35138 35136 a4bff0 46 API calls 35130->35136 35137 a5ea41 35131->35137 35132->35096 35142 a549f5 47 API calls 35133->35142 35134->35128 35139 a549f5 47 API calls 35135->35139 35140 a5e8cf 35136->35140 35141 a4bff0 46 API calls 35137->35141 35138->35135 35139->35096 35143 a5e8f4 35140->35143 35144 a5e8d6 35140->35144 35145 a5ea4e 35141->35145 35146 a5e73f 35142->35146 35150 a5aa05 75 API calls 35143->35150 35147 a48700 LocalAlloc 35144->35147 35148 a5ea52 35145->35148 35149 a5ea8f 35145->35149 35151 a4bff0 46 API calls 35146->35151 35153 a5e8dd 35147->35153 35152 a48700 LocalAlloc 35148->35152 35154 a5b101 75 API calls 35149->35154 35150->35153 35155 a5e74c 35151->35155 35158 a5ea5c 35152->35158 35163 a549f5 47 API calls 35153->35163 35159 a5ea97 35154->35159 35156 a5e750 35155->35156 35157 a5e79a 35155->35157 35160 a48700 LocalAlloc 35156->35160 35161 a5af42 77 API calls 35157->35161 35162 a5ea7c 35158->35162 35167 a5e2d1 45 API calls 35158->35167 35164 a549f5 47 API calls 35159->35164 35165 a5e75a 35160->35165 35166 a5e7a2 
35161->35166 35172 a549f5 47 API calls 35162->35172 35168 a5e905 35163->35168 35164->35169 35170 a5e783 35165->35170 35174 a5e188 47 API calls 35165->35174 35171 a549f5 47 API calls 35166->35171 35167->35162 35173 a4bff0 46 API calls 35168->35173 35169->35092 35169->35096 35177 a549f5 47 API calls 35170->35177 35171->35175 35172->35169 35176 a5e912 35173->35176 35174->35170 35175->35052 35178 a5e95e 35176->35178 35179 a5e919 35176->35179 35177->35175 35181 a5abc4 77 API calls 35178->35181 35180 a48700 LocalAlloc 35179->35180 35182 a5e920 35180->35182 35183 a5e94e 35181->35183 35182->35183 35185 a5df5d 47 API calls 35182->35185 35184 a549f5 47 API calls 35183->35184 35186 a5e971 35184->35186 35185->35183 35187 a4bff0 46 API calls 35186->35187 35188 a5e97e 35187->35188 35189 a5e9d6 35188->35189 35190 a5e982 35188->35190 35192 a5ab2f 77 API calls 35189->35192 35191 a48700 LocalAlloc 35190->35191 35193 a5e98c 35191->35193 35194 a5e9de 35192->35194 35195 a5e9b9 35193->35195 35197 a5df5d 47 API calls 35193->35197 35196 a549f5 47 API calls 35194->35196 35198 a549f5 47 API calls 35195->35198 35196->35076 35197->35195 35198->35076 35200 a4c04d 35199->35200 35201 a4c01b 35199->35201 35200->34708 35200->34709 35202 a56867 45 API calls 35201->35202 35203 a4c025 35202->35203 35204 a568bf LeaveCriticalSection LeaveCriticalSection 35203->35204 35204->35200 35205->34722 35206->34729 35208 a54a01 35207->35208 35209 a56867 45 API calls 35208->35209 35210 a54a0b 35209->35210 35211 a54ab8 35210->35211 35216 a54a39 35210->35216 35212 a525ad RaiseException 35211->35212 35214 a54abd 35212->35214 35213 a568bf LeaveCriticalSection LeaveCriticalSection 35215 a54ab2 35213->35215 35215->34731 35216->35213 35217->34718 35218->34725 35219->34725 35220->34748 35221->34748 35222->34758 35223->34760 35224->34757 35225->34732 35226->34730 35228 a50280 44 API calls 35227->35228 35229 a5254c 35228->35229 35230 a6ac75 35229->35230 35231 a6acbc RaiseException 35230->35231 35232 a6ac8f 35230->35232 
35231->34772 35232->35231 35233->34776 35234->34779 35235->34379 35236->34381 35237->34383 35238->34385 35239->34392 35240->34408 35241->34406 35242->34395 35243->34399 35244->34402 35245->34420 35246->34388 35247 a6db90 35248 a6dbb3 35247->35248 35253 a45030 35248->35253 35270 a41c60 35248->35270 35273 a45110 35248->35273 35249 a6dbb7 35254 a45044 35253->35254 35255 a450f3 35253->35255 35256 a45049 35254->35256 35261 a450c5 LocalAlloc 35254->35261 35262 a450bc 35254->35262 35265 a4507b LocalAlloc 35254->35265 35276 a436e0 45 API calls 35255->35276 35256->35249 35258 a450f8 35277 a43b50 RaiseException 35258->35277 35261->35256 35262->35258 35262->35265 35263 a450fd 35266 a6e447 44 API calls 35263->35266 35264 a45095 35264->35256 35265->35263 35265->35264 35267 a45102 35266->35267 35268 a45137 CoUninitialize 35267->35268 35269 a4513d 35267->35269 35268->35269 35269->35249 35271 a41ca0 35270->35271 35272 a41c92 CloseHandle 35270->35272 35271->35249 35272->35271 35274 a45137 CoUninitialize 35273->35274 35275 a4513d 35273->35275 35274->35275 35275->35249 35278 a7d2d0 35288 a7f553 35278->35288 35289 a7f561 35288->35289 35290 a7d2d5 35288->35290 35289->35290 35293 a7f02d 35289->35293 35292 a7f27c FlsAlloc 35290->35292 35295 a7f03e 35293->35295 35294 a7f07a 35309 a794a1 EnterCriticalSection 35294->35309 35295->35294 35297 a7f0e6 GetProcAddress 35295->35297 35302 a7f0d7 35295->35302 35310 a7f0fa LoadLibraryExW GetLastError LoadLibraryExW 35295->35310 35297->35294 35299 a7f083 VirtualProtect 35300 a7f0f4 35299->35300 35301 a7f0a0 VirtualProtect 35299->35301 35312 a7a227 44 API calls 35300->35312 35301->35300 35303 a7f0c8 35301->35303 35302->35297 35304 a7f0df FreeLibrary 35302->35304 35311 a794f1 LeaveCriticalSection 35303->35311 35304->35297 35307 a7f0f9 35308 a7f0cf 35308->35290 35309->35299 35310->35295 35311->35308 35312->35307

Control-flow Graph

[Control-flow graph of the function starting at a46fe0; legend: Executed, Not Executed]
APIs
  • Part of subcall function 00A46050: GetCurrentProcess.KERNEL32(00000008,?,255BCF5F), ref: 00A46060
  • Part of subcall function 00A46050: OpenProcessToken.ADVAPI32(00000000), ref: 00A46067
• CoInitialize.OLE32(00000000), ref: 00A47052
• CoCreateInstance.OLE32(00A8FD30,00000000,00000004,00A9A530,00000000,?), ref: 00A47082
• CoUninitialize.OLE32 ref: 00A47689
  • Part of subcall function 00A418E0: LocalFree.KERNEL32(?,255BCF5F,?,00000000,00A8B020,000000FF,?,?,00AA0558,?,?,00A41E4E,8007000E), ref: 00A4192C
Strings
Memory Dump Source
• Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
Similarity
• API ID: Process$CreateCurrentFreeInitializeInstanceLocalOpenTokenUninitialize
• String ID: $
• API String ID: 3404539012-3993045852
• Opcode ID: a9f6ceaa785510ff7f9e1fc5ec4dbeb18298f2d476b7d4ba4e9278d1a99ccbfb
• Instruction ID: 89f49b640c83cefb1ce4497f5711efcb88852d11fca4a3722374782a62a13832
• Opcode Fuzzy Hash: a9f6ceaa785510ff7f9e1fc5ec4dbeb18298f2d476b7d4ba4e9278d1a99ccbfb
• Instruction Fuzzy Hash: C132BF74A04299DFDF11CFA8C908BADBBB4FF89304F144199E805EB291EB749E46CB51

Control-flow Graph

[Control-flow graph of the function starting at a466a0; legend: Executed, Not Executed]
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00A46150: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00A461B5
                                                                                                                                                                                    • Part of subcall function 00A46150: LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,000000FF,00A8B8CD,000000FF), ref: 00A4620F
                                                                                                                                                                                    • Part of subcall function 00A46150: GetLastError.KERNEL32(?,?,?,000000FF,00A8B8CD,000000FF), ref: 00A4626B
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00A46726
                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL ref: 00A46751
                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,000001D8,00000000), ref: 00A46794
                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,00000048,00000000), ref: 00A467FB
                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00A469AC
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00A46A05
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • NtQueryInformationProcess, xrefs: 00A46720
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process$ErrorLastLibraryMemoryRead$AddressDirectoryFreeInformationLoadProcQuerySystem
                                                                                                                                                                                  • String ID: NtQueryInformationProcess
                                                                                                                                                                                  • API String ID: 862929643-2781105232

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,255BCF5F), ref: 00A46322
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00A46363
                                                                                                                                                                                  • Process32FirstW.KERNEL32(?,0000022C), ref: 00A463A5
                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00A463C0
                                                                                                                                                                                  • CloseHandle.KERNELBASE(?), ref: 00A46517
                                                                                                                                                                                  • Process32NextW.KERNEL32(?,0000022C), ref: 00A46534
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00A46565
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 708755948-0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,255BCF5F,?,00000000), ref: 00A46BA5
                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000,?,255BCF5F,?,00000000), ref: 00A46BC6
                                                                                                                                                                                  • GetProcessTimes.KERNELBASE(00000000,?,00000000,00000000,00000000,?,255BCF5F,?,00000000), ref: 00A46BF9
                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,255BCF5F,?,00000000), ref: 00A46C0A
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,255BCF5F,?,00000000), ref: 00A46C28
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,255BCF5F,?,00000000), ref: 00A46C4C
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,255BCF5F,?,00000000), ref: 00A46C78
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,255BCF5F,?,00000000), ref: 00A46C98
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,255BCF5F,?,00000000), ref: 00A46CBA
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,255BCF5F,?,00000000), ref: 00A46CDA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1711917922-0

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,00A9A8D9,00000000,00A9A8D9), ref: 00A4D011
                                                                                                                                                                                  • LocalFree.KERNEL32(?,00000010,00000000,255BCF5F,00A9A8D9), ref: 00A4D1E6
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeLocal
                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                  • API String ID: 2826327444-1405518554

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 376 a7f02d-a7f03c 377 a7f075-a7f078 376->377 378 a7f03e-a7f04c 377->378 379 a7f07a 377->379 381 a7f04e-a7f050 378->381 382 a7f058-a7f069 call a7f0fa 378->382 380 a7f07c-a7f09e call a794a1 VirtualProtect 379->380 390 a7f0f4-a7f0f9 call a7a227 380->390 391 a7f0a0-a7f0c6 VirtualProtect 380->391 384 a7f0e6-a7f0f2 GetProcAddress 381->384 385 a7f056 381->385 392 a7f0d7-a7f0dd 382->392 393 a7f06b-a7f070 382->393 384->380 388 a7f072 385->388 388->377 391->390 394 a7f0c8-a7f0d6 call a794f1 391->394 392->384 395 a7f0df-a7f0e0 FreeLibrary 392->395 393->388 395->384
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualProtect.KERNELBASE(00AA6000,00000080,00000004,00000000,?,?,00A7F188,0000001A,AppPolicyGetProcessTerminationMethod,00A94848,AppPolicyGetProcessTerminationMethod,?,?,00A8167E,00000000), ref: 00A7F096
                                                                                                                                                                                  • VirtualProtect.KERNELBASE(00AA6000,00000080,00000002,00000000,?,?,00A7F188,0000001A,AppPolicyGetProcessTerminationMethod,00A94848,AppPolicyGetProcessTerminationMethod,?,?,00A8167E,00000000), ref: 00A7F0BE
                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,00A7F188,0000001A,AppPolicyGetProcessTerminationMethod,00A94848,AppPolicyGetProcessTerminationMethod,?,?,00A8167E,00000000), ref: 00A7F0E0
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00A7F0EA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ProtectVirtual$AddressFreeLibraryProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3998452802-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 400 a46050-a4606f GetCurrentProcess OpenProcessToken 401 a46077-a460a4 GetTokenInformation 400->401 402 a46071-a46076 400->402 403 a460a6-a460ab 401->403 404 a460ae-a460be CloseHandle 401->404 403->404
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000008,?,255BCF5F), ref: 00A46060
                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00A46067
                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00A4609C
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00A460B2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 215268677-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCommandLineW.KERNEL32(255BCF5F,?,0000FFFF), ref: 00A51F0D
                                                                                                                                                                                    • Part of subcall function 00A44F50: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,00000000,?,?), ref: 00A44F6C
                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00A520E7
                                                                                                                                                                                    • Part of subcall function 00A489D0: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00A48A4D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                                                                                                                                                  • String ID: Full command line:
                                                                                                                                                                                  • API String ID: 1878577176-831861440

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 463 a48210-a4828c GetTokenInformation 464 a482f0-a48303 463->464 465 a4828e-a48297 GetLastError 463->465 465->464 466 a48299-a482a7 465->466 467 a482ae 466->467 468 a482a9-a482ac 466->468 470 a482b0-a482b7 467->470 471 a482de-a482ea GetTokenInformation 467->471 469 a482db 468->469 469->471 472 a482c7-a482d8 call a6ae90 470->472 473 a482b9-a482c5 call a484a0 470->473 471->464 472->469 473->471
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00A481E8,255BCF5F), ref: 00A48284
                                                                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00A481E8,255BCF5F), ref: 00A4828E
                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00A481E8,255BCF5F), ref: 00A482EA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationToken$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2567405617-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 478 a45030-a4503e 479 a45044-a45047 478->479 480 a450f3 call a436e0 478->480 481 a4506c-a45079 479->481 482 a45049-a45069 call a6ae90 479->482 485 a450f8 call a43b50 480->485 486 a450a0-a450af 481->486 487 a4507b-a45085 481->487 495 a450fd-a45135 call a6e447 485->495 491 a450b5-a450ba 486->491 492 a450b1-a450b3 486->492 490 a45088-a45093 LocalAlloc 487->490 490->495 496 a45095-a4509e 490->496 493 a450c5-a450ce LocalAlloc 491->493 494 a450bc-a450c1 491->494 497 a450d0-a450f0 call a6ae90 492->497 493->497 494->485 498 a450c3 494->498 504 a45137 CoUninitialize 495->504 505 a4513d-a4514b 495->505 496->497 498->490 504->505
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00A5831E,?,00000001,?,?,?), ref: 00A4508B
                                                                                                                                                                                  • CoUninitialize.COMBASE(255BCF5F,?,00A8B110,000000FF), ref: 00A45137
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocLocalUninitialize
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3436287131-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 506 a7ed50-a7ed5b 507 a7ed5d-a7ed67 506->507 508 a7ed69-a7ed75 506->508 507->508 509 a7eda0-a7edab call a6e5d2 507->509 510 a7ed8b-a7ed9c RtlAllocateHeap 508->510 515 a7edad-a7edaf 509->515 511 a7ed77-a7ed7e call a7cb10 510->511 512 a7ed9e 510->512 511->509 518 a7ed80-a7ed89 call a82890 511->518 512->515 518->509 518->510
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A7D0E3,00000001,00000364,00000000,?,000000FF,?,00A6E0E9,?,?,?), ref: 00A7ED94
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 521 a7d330-a7d33c 522 a7d371-a7d37c call a6e5d2 521->522 523 a7d33e-a7d346 521->523 529 a7d37e-a7d380 522->529 524 a7d35c-a7d36d RtlAllocateHeap 523->524 526 a7d36f 524->526 527 a7d348-a7d34f call a7cb10 524->527 526->529 527->522 532 a7d351-a7d35a call a82890 527->532 532->522 532->524
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,00A7CD65,?,00000000,?,00A6E0E9,?,?,?,?,?,?,00A4163C), ref: 00A7D365
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 535 a7f530-a7f552 VirtualProtect
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualProtect.KERNELBASE(00AA6000,00000080,00000002,?), ref: 00A7F546
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 544645111-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 579 a4cf60-a4cfde call a56787 call a43380 call a4ccb0 585 a4cfe3-a4cff0 579->585 586 a4d017-a4d047 call a694f0 585->586 587 a4cff2-a4cffd 585->587 588 a4d00c-a4d00e 587->588 589 a4cfff-a4d00a 587->589 588->586 593 a4d010-a4d011 LocalFree 588->593 589->588 592 a4d04a-a4d0dc call a6e447 589->592 596 a4d0e4-a4d0ea 592->596 597 a4d0de-a4d0e2 592->597 593->586 598 a4d0ee-a4d0fd call a6e5d2 596->598 597->598 601 a4d100-a4d10c 598->601 602 a4d143-a4d14d call a44960 601->602 603 a4d10e-a4d126 601->603 607 a4d152-a4d17d call a78aed 602->607 604 a4d135-a4d141 603->604 605 a4d128-a4d132 603->605 604->607 605->604 610 a4d183-a4d186 607->610 611 a4d21f-a4d250 607->611 612 a4d18f-a4d1bb call a50f90 610->612 613 a4d188-a4d18a 610->613 614 a4d2b5-a4d2cd 611->614 615 a4d252-a4d25a 611->615 620 a4d1ec-a4d21c call a694f0 612->620 629 a4d1bd-a4d1ce 612->629 613->601 619 a4d2d3-a4d2e4 614->619 614->620 616 a4d2a7 615->616 617 a4d25c-a4d262 615->617 624 a4d2ab-a4d2b3 616->624 621 a4d264-a4d26b 617->621 622 a4d282-a4d294 617->622 626 a4d1e1-a4d1e3 619->626 627 a4d2ea-a4d2f5 619->627 621->622 628 a4d26d-a4d280 621->628 633 a4d297-a4d2a5 622->633 624->614 624->615 626->620 630 a4d1e5-a4d1e6 LocalFree 626->630 627->626 632 a4d2fb-a4d36f call a6e447 call a6e090 627->632 628->633 629->626 635 a4d1d0-a4d1db 629->635 630->620 641 a4d371-a4d372 LocalFree 632->641 642 a4d378-a4d389 632->642 633->616 633->624 635->626 635->632 641->642
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,00A9A8D9,00000000,00A9A8D9), ref: 00A4D011
                                                                                                                                                                                  • LocalFree.KERNEL32(?,00000010,00000000,255BCF5F,00A9A8D9), ref: 00A4D1E6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeLocal
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2826327444-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,255BCF5F,?,?,Function_0004B020,000000FF), ref: 00A41C93
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoUninitialize.COMBASE(255BCF5F,?,00A8B110,000000FF), ref: 00A45137
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3861434553-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00000010,00000104,?,?,?), ref: 00A479D8
                                                                                                                                                                                  • GetForegroundWindow.USER32(?,?,?), ref: 00A47A5D
                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00A47A7A
                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00A47AB8
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?), ref: 00A47B01
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00A47B08
                                                                                                                                                                                  • AllowSetForegroundWindow.USER32(00000000), ref: 00A47B1E
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?), ref: 00A47B42
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00A47B49
                                                                                                                                                                                  • Sleep.KERNEL32(00000064,?,?,?,?), ref: 00A47B6E
                                                                                                                                                                                  • EnumWindows.USER32(00A47CA0,?), ref: 00A47B8A
                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00004003,?,?,?,?), ref: 00A47BA8
                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?), ref: 00A47BC5
                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00A47BD2
                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00A47CAC
                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00A47CC4
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$AddressExecuteForegroundHandleModuleProcProcessShellWindows$AllowCodeDirectoryEnumExitLongObjectSingleSleepThreadWait
                                                                                                                                                                                  • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$GetProcessId$Kernel32.dll$open$runas
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,00A851ED,00000002,00000000,?,?,?,00A851ED,?,00000000), ref: 00A84F6E
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,00A851ED,00000002,00000000,?,?,?,00A851ED,?,00000000), ref: 00A84F97
                                                                                                                                                                                  • GetACP.KERNEL32(?,?,00A851ED,?,00000000), ref: 00A84FAC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00A851BF
                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 00A851FD
                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 00A85210
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00A85258
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00A85273
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Locale$InfoValid$CodeDefaultPageUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,00A7BB76,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A847DD
                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00A7BB76,?,?,?,00000055,?,-00000050,?,?), ref: 00A84814
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00001002,?,00000078,-00000050,00000000,000000D0), ref: 00A84980
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CodeInfoLocalePageValid
                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,?), ref: 00A4D61D
                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,?), ref: 00A4D87D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeLocal
                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00A6A1FD
                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00A6A2C9
                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A6A2E2
                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00A6A2EC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                  • Opcode ID: 083688c7c0793a7aa0aa8eb45624e3046bd3209c823f5717a67778d84738cb12
                                                                                                                                                                                  • Instruction ID: e37e63388c484f8270006a057307a61dcaa303cb0c904cdd130a463b6e68ed04
                                                                                                                                                                                  • Opcode Fuzzy Hash: 083688c7c0793a7aa0aa8eb45624e3046bd3209c823f5717a67778d84738cb12
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F310879D01329DBDF21DFA4D949BCDBBB8AF18700F1041AAE40CAB250EB719A858F45
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A6997D,00A9183C), ref: 00A69862
                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(00A6997D,?,00A6997D,00A9183C), ref: 00A6986B
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409,?,00A6997D,00A9183C), ref: 00A69876
                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00A6997D,00A9183C), ref: 00A6987D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3231755760-0
                                                                                                                                                                                  • Opcode ID: 70474c91076afcdf47f7234909abf720ac482fa146e14ee0b573e5489de19102
                                                                                                                                                                                  • Instruction ID: 01ed05a41ff2b8971264c2f41f60388cd1bce9c67129cad9c4ca13f44c6884ea
                                                                                                                                                                                  • Opcode Fuzzy Hash: 70474c91076afcdf47f7234909abf720ac482fa146e14ee0b573e5489de19102
                                                                                                                                                                                  • Instruction Fuzzy Hash: 78D0123A40020AEFDB00ABE0EC0CA983F28FB88312F048020F30AC2422FB3144228B61
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00A432C0,?), ref: 00A526D5
                                                                                                                                                                                  • FormatMessageA.KERNEL32(00001300,00000000,255BCF5F,00000000,00000000,00000000,00000000,?,?,?,00A432C0,?), ref: 00A526FC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                  • String ID: !x-sys-default-locale
                                                                                                                                                                                  • API String ID: 4235545615-2729719199
                                                                                                                                                                                  • Opcode ID: f743f6ec4570ffb06f96baf9871a6ed51e0c4f8393f7fee9537dd9db2179acd9
                                                                                                                                                                                  • Instruction ID: 31cb1de3bb90b4ff750a73d2ace957c060d5c33a4aca62b19e96de7f2efc4620
                                                                                                                                                                                  • Opcode Fuzzy Hash: f743f6ec4570ffb06f96baf9871a6ed51e0c4f8393f7fee9537dd9db2179acd9
                                                                                                                                                                                  • Instruction Fuzzy Hash: ECF030B5211205FFFB04AB95CC0AEAB7BACFB0A391F104125BA02D6450E6B0AE0497A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00001002,?,00000078), ref: 00A84BA7
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00001001,?,00000078), ref: 00A84BEB
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00001001,?,00000078), ref: 00A84CB5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                  • Opcode ID: 05cac691bfcb047af02f0f2a217502320b37ead6be4996b5bd391f56cc13075c
                                                                                                                                                                                  • Instruction ID: 09bb7e94a95d64d3a2f3dfdceb7f00919dc80e255065b7eb36aafe5ade9c3a47
                                                                                                                                                                                  • Opcode Fuzzy Hash: 05cac691bfcb047af02f0f2a217502320b37ead6be4996b5bd391f56cc13075c
                                                                                                                                                                                  • Instruction Fuzzy Hash: F8617C71A01217DFEB28AF24CE82BBA77ADEF48301F14857AE905C6185EB34DD91DB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00A6E333
                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00A6E33D
                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00A6E34A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                  • Opcode ID: 4020fbddc48e33fced3a411b0eb8aa6b283170d3b468d7cdee4712e62e086dff
                                                                                                                                                                                  • Instruction ID: f7f21585a937fc850a677a332f1fefb158b03ea7764a8b57392acf1b6a2c1157
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4020fbddc48e33fced3a411b0eb8aa6b283170d3b468d7cdee4712e62e086dff
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F31C37590122D9BCB21DF68D9897CDBBB8BF18710F5081EAE41CA7290EB709F818F45
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000,255BCF5F,00000001,00000000,?,00000000,00A8B0C0,000000FF,?,00A41D2C,?,?,?,00000000,?), ref: 00A41DAB
                                                                                                                                                                                  • LockResource.KERNEL32(00000000,?,00A41D2C,?,?,?,00000000,?,-00000010,00A8B0A0,000000FF,?,00A42048,?,00000000,00A8B0ED), ref: 00A41DB6
                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,00A41D2C,?,?,?,00000000,?,-00000010,00A8B0A0,000000FF,?,00A42048,?,00000000), ref: 00A41DC4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2853612939-0
                                                                                                                                                                                  • Opcode ID: 45ddc9e23e461586eccce708595b1d5fb046628702f9b6e2498b5d638943a15b
                                                                                                                                                                                  • Instruction ID: f8b8528346e7bf7c379f9aeaa50fdeb8e2d6f967fae9a35aaf249b728a3dc31a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 45ddc9e23e461586eccce708595b1d5fb046628702f9b6e2498b5d638943a15b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4211C136E00625AFC7249F69DC45B76BBA8FB85725F004A3AEC5AD3250E735AC008690
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00A7FBE9,00000000,00000000,00000000), ref: 00A7FAA9
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationTimeZone
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 565725191-0
                                                                                                                                                                                  • Opcode ID: ef922dd547aa9d8601d4ba09192b0df0453d78330fe9395389763e57ea80b8d4
                                                                                                                                                                                  • Instruction ID: 40b48b9bc89a0a985ab0e6c5ff941a7bc27ee82f86569b31d8829af6180f67c8
                                                                                                                                                                                  • Opcode Fuzzy Hash: ef922dd547aa9d8601d4ba09192b0df0453d78330fe9395389763e57ea80b8d4
                                                                                                                                                                                  • Instruction Fuzzy Hash: F8C11672900216AFDB15AFA4DD02A6EBBB9EF55350F14C036F908EB191E7718F01CB95
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,00000008,?,?,?,00A8013E,?,?,00000008,?,?,00A8A7DE,00000000), ref: 00A80398
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                  • Opcode ID: 33838092312e00ba6405ae916cd705005781936f5677922895513369c582c50d
                                                                                                                                                                                  • Instruction ID: 06c26be4fa47812f32118cc67d40c39aaa68a1c32c2af16aa816865816c1c4c0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 33838092312e00ba6405ae916cd705005781936f5677922895513369c582c50d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 93B17A315106088FE759DF28C49AFA5BBE0FF45364F248758E99A8F2E1C375E985CB80
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00A69D02
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                  • Opcode ID: 4512589f36b49f9618e6f68d3fd24f7c249bcd4d89047931221f761e2da1afdb
                                                                                                                                                                                  • Instruction ID: 3b2bca26e8a25a8db64a6193659cb819494fab1dc3cba82fde909613214ef414
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4512589f36b49f9618e6f68d3fd24f7c249bcd4d89047931221f761e2da1afdb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 19A15AB2D102068FDB19CFA8D8817AABBF5FB49324F15812AD40AE73A0D3759D51CF90
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                  • Opcode ID: 4ed98ba7fd2bab371fca8f4861335c5613f52f1813d515f8ef8a3b0a202bb337
                                                                                                                                                                                  • Instruction ID: af590c49a8571db2116eebb72c2bff3a36aae292b93b251943234bf2b7611042
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ed98ba7fd2bab371fca8f4861335c5613f52f1813d515f8ef8a3b0a202bb337
                                                                                                                                                                                  • Instruction Fuzzy Hash: 09029070A046058FCB25CF6CC984ABAB7F1FF88324F24C659D45E9B291E731AD46CB15
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                  • Opcode ID: 00a66f37a037ff2d17c576469e6111387f51e96bae52cd626bbd196b0cadaafc
                                                                                                                                                                                  • Instruction ID: b11653a2aa8def5cdbc2cfe06e17df0fc0242989e480c6d454799ae12c5b6aa3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 00a66f37a037ff2d17c576469e6111387f51e96bae52cd626bbd196b0cadaafc
                                                                                                                                                                                  • Instruction Fuzzy Hash: F0E1CB74A006068FCB28CF6CCD94AAABBF5FF09310F14C61DD49AA7691D734A946CF51
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 656cac50940283d6dd224c9aa1c2a0bb17487203eb31eb31c95e411111ea40d0
                                                                                                                                                                                  • Instruction ID: 2c7c4e5a4fc5b45b1edf826d353736cb962b676b811423998925821ad46c2105
                                                                                                                                                                                  • Opcode Fuzzy Hash: 656cac50940283d6dd224c9aa1c2a0bb17487203eb31eb31c95e411111ea40d0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E31F67290021DAFDB24EFA8CC99DABB77EEB84354F1446A8F80597244EA31AD418B50
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 5
                                                                                                                                                                                  • API String ID: 0-2226203566
                                                                                                                                                                                  • Opcode ID: 80d743ce86f3f7115c781691013d5d710c6c7ccd326cb6f5c66471442a49c31f
                                                                                                                                                                                  • Instruction ID: bcf1532a88a90d6bca17838387c89c64c52ac16058923b62504b6e55af12fec3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 80d743ce86f3f7115c781691013d5d710c6c7ccd326cb6f5c66471442a49c31f
                                                                                                                                                                                  • Instruction Fuzzy Hash: AEC11333F042599FDF14CF698C626EEBBF29F98300F29C069E559E7281D6318E41A741
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00001001,?,00000078), ref: 00A84E00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                   • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                   • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                  • Opcode ID: e61623266d907c80039541197c0e48b95e84285621df2491980c76525bb7ae97
                                                                                                                                                                                  • Instruction ID: fcad60cd4493148e2bb84488ed5a4246f0eb78981339dace27d9e61c26b8a0bb
                                                                                                                                                                                  • Opcode Fuzzy Hash: e61623266d907c80039541197c0e48b95e84285621df2491980c76525bb7ae97
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8217931A20207ABEB28AF24DD46BBB77ADFF88715F10407AE905DA141EB74AD40CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00A84B50,00000001,00000000,?,-00000050,?,00A85193,00000000,?,?,?,00000055,?), ref: 00A84A90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                  • Opcode ID: afd97146af636a1296a546f0b7df4a753e05faf977bff32247b9437c2863eab0
                                                                                                                                                                                  • Instruction ID: 09af93547d9f80dbe066af5045b756178fb46c0ed62090d68c326c0d0c00fae2
                                                                                                                                                                                  • Opcode Fuzzy Hash: afd97146af636a1296a546f0b7df4a753e05faf977bff32247b9437c2863eab0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 851129362003029FDB18AF38C89167AB795FF84358B15452DE9968B640D371A842C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00A84D6D,00000000,00000000,?), ref: 00A85007
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                  • Opcode ID: 514b4d93d6dd9bcd76e58ac8554e95f3d71b054d66cc1b8d8aecee4615515ab4
                                                                                                                                                                                  • Instruction ID: 13acb87979e0d3b036874e50e6354bff81c1cba90b58a744703bba0b23d42149
                                                                                                                                                                                  • Opcode Fuzzy Hash: 514b4d93d6dd9bcd76e58ac8554e95f3d71b054d66cc1b8d8aecee4615515ab4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9301D632B10512AFDB286B748C05ABA7779FB40358F154428AC46A3180EA74ED41C7D0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00A84DB0,00000001,?,?,-00000050,?,00A8515B,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00A84B03
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                  • Opcode ID: d37aa6167d780bbe754360ba520caea46c9d38981dd62110509e8dba21f6892b
                                                                                                                                                                                  • Instruction ID: 673f97ae2e1c64d9acd1fc8bd0fdcd7351e10e35713714154cfa098e782953df
                                                                                                                                                                                  • Opcode Fuzzy Hash: d37aa6167d780bbe754360ba520caea46c9d38981dd62110509e8dba21f6892b
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9F0F6363003065FEB24AF75DC85B7ABB95FF84368B05852DFA458B680D6B1AC42C790
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00A66A10,00000000,00A9A8D9,00000004,00A65628,00A9A8D9,00000004,00A65A57,00000000,00000000), ref: 00A68FB9
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                  • Opcode ID: 3335f2b7a23dae9ad147edca56e4cc86867657830d070d7ac3d0a17bbaae15f8
                                                                                                                                                                                  • Instruction ID: 31bf8e99d40b99678c74b7ab2c4e19287b313c606fa3fc8499ec476901fa3b8c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3335f2b7a23dae9ad147edca56e4cc86867657830d070d7ac3d0a17bbaae15f8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05E09232760201BAD769DBBD9D1EF6B76BDDB01746F008751B602E51C5DEE8CE00D250
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00A84930,00000001,?,?,?,00A851B5,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A84A0A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                  • Opcode ID: 18c7a37a63fcbc2ad97d15108899f64583324d771c3b5bcb8c752e3f20505142
                                                                                                                                                                                  • Instruction ID: 59d245f92569543676cef2d7f718cc165f5b2c7a02b6a3ba0aeb93ccfaebccec
                                                                                                                                                                                  • Opcode Fuzzy Hash: 18c7a37a63fcbc2ad97d15108899f64583324d771c3b5bcb8c752e3f20505142
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DF0E53A3002069BCB24BF75DC5566BBF94EFC6754B468059EE09CB251D6719843C7A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00A794A1: EnterCriticalSection.KERNEL32(?,?,00A82907,00000000,00AA03B8,0000000C,00A8289B,?,?,00A7ED86,?,?,00A7D0E3,00000001,00000364,00000000), ref: 00A794B0
                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00A7EDC0,00000001,00AA02B8,0000000C,00A7F277,00000000), ref: 00A7EE14
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                                                                  • Opcode ID: cc71733f089f5169f68813a2050e60dfd89fd3a7a1e2a6ec5eaf6ccb9fa53747
                                                                                                                                                                                  • Instruction ID: dc7f4798e5f85f4100d15ea26c3c6427c6901948a622059dbbd96b490cdeea5d
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc71733f089f5169f68813a2050e60dfd89fd3a7a1e2a6ec5eaf6ccb9fa53747
                                                                                                                                                                                  • Instruction Fuzzy Hash: DEF06736A00302EFD700DF98D946B9D77B0EB4A725F10855AF511AB2E0C7B949018F40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00A7C6FA,?,20001004,00000000,00000002,?,?,00A7BCF8), ref: 00A7F344
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                  • Opcode ID: 50542cb2fdab1e604ec8281e3b29039f1a6449ea4bafa771378acb64557b87cd
                                                                                                                                                                                  • Instruction ID: 4adf887381158f2df616f19a04cf7dac0a7506f08d5eb088e773b8a2b35ec97b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 50542cb2fdab1e604ec8281e3b29039f1a6449ea4bafa771378acb64557b87cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 73E04F36500118BFCF12AF60DC08EEE7E2AEF48761F10C420FD1965121CB319E21ABD4
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0002A3A0,00A69B25), ref: 00A6A38A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00A695A8: AcquireSRWLockExclusive.KERNEL32(00AA3B74,?,?,?,00A42646,00AA4714,255BCF5F,?,?,00A8B16D,000000FF,?,00A41A07), ref: 00A695B3
                                                                                                                                                                                    • Part of subcall function 00A695A8: ReleaseSRWLockExclusive.KERNEL32(00AA3B74,?,?,00A42646,00AA4714,255BCF5F,?,?,00A8B16D,000000FF,?,00A41A07,?,?,?,255BCF5F), ref: 00A695ED
                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00A425F5
                                                                                                                                                                                    • Part of subcall function 00A69557: AcquireSRWLockExclusive.KERNEL32(00AA3B74,?,?,00A426B7,00AA4714,00A8EC90), ref: 00A69561
                                                                                                                                                                                    • Part of subcall function 00A69557: ReleaseSRWLockExclusive.KERNEL32(00AA3B74,?,?,00A426B7,00AA4714,00A8EC90), ref: 00A69594
                                                                                                                                                                                    • Part of subcall function 00A69557: WakeAllConditionVariable.KERNEL32(00AA3B70,?,?,00A426B7,00AA4714,00A8EC90), ref: 00A6959F
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$ConditionHeapProcessVariableWake
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1755742941-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00A48A4D
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00A48AA0
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48AAF
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00A48ACB
                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48BAB
                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48BB7
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48BF3
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48C11
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48C2E
                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48CC3
                                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00A48D08
                                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00A48D5A
                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A48D8D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                                                                  • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                                                                  • API String ID: 2199533872-3004881174
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,URL,00000000,?,255BCF5F,?,00000004), ref: 00A45A6A
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A45B7B
                                                                                                                                                                                  • MoveFileW.KERNEL32(?,00000000), ref: 00A45E1B
                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00A45E63
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A45EFD
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A45FB2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFreeLocal$DeleteMoveNameTemp
                                                                                                                                                                                  • String ID: URL$url
                                                                                                                                                                                  • API String ID: 1227976696-346267919
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,-00000002,00000000,?,?), ref: 00A517A2
                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000002,00000000,00000000,00AA47B8,00000800), ref: 00A517C2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: OpenQueryValue
                                                                                                                                                                                  • String ID: /DontWait $/EnforcedRunAsAdmin $/HideWindow$/RunAsAdmin
                                                                                                                                                                                  • API String ID: 4153817207-1914306501
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?), ref: 00A5083F
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?), ref: 00A50881
                                                                                                                                                                                    • Part of subcall function 00A50780: LocalFree.KERNEL32(?,00000000,00000000,?,?,255BCF5F,255BCF5F,00000000,?), ref: 00A50A66
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A50931
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Local$AllocFree
                                                                                                                                                                                  • String ID: ios_base::failbit set$iostream
                                                                                                                                                                                  • API String ID: 2012307162-302468714
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00A692A8
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A69334
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A6939F
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A693BB
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A6941E
                                                                                                                                                                                  • CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00A6943B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2984826149-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • #224.MSI(?,00000001,00000000,00000000,00000000), ref: 00A42D50
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A42DBA
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A42E24
                                                                                                                                                                                  • CertFreeCertificateContext.CRYPT32(00000000), ref: 00A42F65
                                                                                                                                                                                    • Part of subcall function 00A43DC0: CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000,255BCF5F), ref: 00A43E03
                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00A42F1B
                                                                                                                                                                                  • CertFreeCertificateContext.CRYPT32(00000003,?), ref: 00A42FAB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Free$CertLocal$CertificateContext$#224NameString
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2751787804-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,CCCCCCCC,00A4C98F,?,00000001,00000000,00000000,?,?,00A4C98F,?), ref: 00A68D47
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,00A4C98F,?,?,00000000,00A4CFE3,0000003F,?), ref: 00A68DB2
                                                                                                                                                                                  • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00A4C98F,?,?,00000000,00A4CFE3,0000003F), ref: 00A68DCF
                                                                                                                                                                                  • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,00A4C98F,?,?,00000000,00A4CFE3,0000003F), ref: 00A68E0E
                                                                                                                                                                                  • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00A4C98F,?,?,00000000,00A4CFE3,0000003F), ref: 00A68E6D
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,00A4C98F,?,?,00000000,00A4CFE3,0000003F,?), ref: 00A68E90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2829165498-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(255BCF5F,255BCF5F,?,?,00000000,00A8BF91,000000FF), ref: 00A486BB
                                                                                                                                                                                    • Part of subcall function 00A695A8: AcquireSRWLockExclusive.KERNEL32(00AA3B74,?,?,?,00A42646,00AA4714,255BCF5F,?,?,00A8B16D,000000FF,?,00A41A07), ref: 00A695B3
                                                                                                                                                                                    • Part of subcall function 00A695A8: ReleaseSRWLockExclusive.KERNEL32(00AA3B74,?,?,00A42646,00AA4714,255BCF5F,?,?,00A8B16D,000000FF,?,00A41A07,?,?,?,255BCF5F), ref: 00A695ED
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00A48680
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00A48687
                                                                                                                                                                                    • Part of subcall function 00A69557: AcquireSRWLockExclusive.KERNEL32(00AA3B74,?,?,00A426B7,00AA4714,00A8EC90), ref: 00A69561
                                                                                                                                                                                    • Part of subcall function 00A69557: ReleaseSRWLockExclusive.KERNEL32(00AA3B74,?,?,00A426B7,00AA4714,00A8EC90), ref: 00A69594
                                                                                                                                                                                    • Part of subcall function 00A69557: WakeAllConditionVariable.KERNEL32(00AA3B70,?,?,00A426B7,00AA4714,00A8EC90), ref: 00A6959F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                                                                  • String ID: IsWow64Process$kernel32
                                                                                                                                                                                  • API String ID: 411948497-3789238822
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,255BCF5F,?,?,00000001,00A8D620,000000FF,?,00A7A61D,?,?,00A7A5F4,?,?), ref: 00A7A65D
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A7A66F
                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000001,00A8D620,000000FF,?,00A7A61D,?,?,00A7A5F4,?,?), ref: 00A7A691
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00A7F064,?,?,?,?,?,00A7F188,0000001A,AppPolicyGetProcessTerminationMethod,00A94848,AppPolicyGetProcessTerminationMethod,?), ref: 00A7F109
                                                                                                                                                                                  • GetLastError.KERNEL32(?,00A7F064,?,?,?,?,?,00A7F188,0000001A,AppPolicyGetProcessTerminationMethod,00A94848,AppPolicyGetProcessTerminationMethod,?,?,00A8167E,00000000), ref: 00A7F113
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,?,?,?), ref: 00A7F151
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                  • API String ID: 3177248105-537541572
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(00000010,00000010,?,00A47ACB,?,?,?), ref: 00A47E47
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                  • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                                                                  • API String ID: 1452528299-1782174991
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00A461B5
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,000000FF,00A8B8CD,000000FF), ref: 00A4626B
                                                                                                                                                                                    • Part of subcall function 00A41FD0: FindResourceW.KERNEL32(00000000,?,00000006,?,00000000,00A8B0ED,000000FF,?,80070057,?,00000000,?,00000010,?,00A41B09,?), ref: 00A4205C
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,000000FF,00A8B8CD,000000FF), ref: 00A4620F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DirectoryErrorFindLastLibraryLoadResourceSystem
                                                                                                                                                                                  • String ID: ntdll.dll
                                                                                                                                                                                  • API String ID: 4113295189-2227199552
                                                                                                                                                                                  • Opcode ID: ae97a48903d4c56b3ac33a9a6b7ccfd779be1f7f3a6b80c7195e4ab622ed30e2
                                                                                                                                                                                  • Instruction ID: e073372e438c167da21797e2b872c1e04b1c10be6275700f7e173f1467775005
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae97a48903d4c56b3ac33a9a6b7ccfd779be1f7f3a6b80c7195e4ab622ed30e2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 95418075A00209AFDB10DFA8CD84BEEB7B4FF49710F144569E815EB2C1EBB49A05CB91
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00A6DE33,00000000,?,00AA3F04,?,?,?,00A6DFD6,00000004,InitializeCriticalSectionEx,00A9230C,InitializeCriticalSectionEx), ref: 00A6DE8F
                                                                                                                                                                                  • GetLastError.KERNEL32(?,00A6DE33,00000000,?,00AA3F04,?,?,?,00A6DFD6,00000004,InitializeCriticalSectionEx,00A9230C,InitializeCriticalSectionEx,00000000,?,00A6DD8D), ref: 00A6DE99
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00A6DEC1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                                                                  • Opcode ID: dc25169c9920527f78f2617f90a7bf7b37755c96e52d6e202f7e02396770ba6e
                                                                                                                                                                                  • Instruction ID: 1ee717aa6ecc90688325c975d39de8c67c92f8ad915b953ac03939ca8020b250
                                                                                                                                                                                  • Opcode Fuzzy Hash: dc25169c9920527f78f2617f90a7bf7b37755c96e52d6e202f7e02396770ba6e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DE0BF70B80205BFEF215BA1EC46B593FA5AB11B95F244430F90CE84E1E762A9659784
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetConsoleOutputCP.KERNEL32(255BCF5F,00000000,00000000,?), ref: 00A882FB
                                                                                                                                                                                    • Part of subcall function 00A812CA: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,00000000,?,-00000008,-00000008,00000000,?,?,00A7EB45,?,00000000), ref: 00A81329
                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00A88551
                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00A88597
                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00A8863A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2112829910-0
                                                                                                                                                                                  • Opcode ID: 3f2525cf5f8d124f204872763b1bd777d7207ad1b5249ea70a9f21f616c8202c
                                                                                                                                                                                  • Instruction ID: 17689e633675907306e79b23d13f9534ac2c46139f347a52c500acc97d77111f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f2525cf5f8d124f204872763b1bd777d7207ad1b5249ea70a9f21f616c8202c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BD1AE75D002499FCF15DFA8D9809ADBBF5FF09300F68816AE456EB351EB34A942CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000018,255BCF5F,00000000,?), ref: 00A4F546
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                                  • API String ID: 3494564517-1062449267
                                                                                                                                                                                  • Opcode ID: ff62f3d2bfa29cb34b885509183dd52d823458eb6cc6b9b254ffa957fda57264
                                                                                                                                                                                  • Instruction ID: bdfb698396e8d44e89af890a171e1651c6cd0a8d2d00e89815eda830304a62ba
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff62f3d2bfa29cb34b885509183dd52d823458eb6cc6b9b254ffa957fda57264
                                                                                                                                                                                  • Instruction Fuzzy Hash: B7B161B1D01348DEEF10DFA4C945B9EBBF4BF14304F148169E854AB282E7759A48CB91
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00A48D7C,00000000,?,?,?,?,?,?,?,00000000,00A8BFF5,000000FF), ref: 00A492A7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                  • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                                  • API String ID: 1452528299-1781106413
                                                                                                                                                                                  • Opcode ID: 34f75baae4b6fba3f8800e83607f96823401163a171acb046f88e7a57a380ab8
                                                                                                                                                                                  • Instruction ID: 867938944c40b320d309029abe790e46e4fa479a8cf3065ba3af6b2553441bd9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34f75baae4b6fba3f8800e83607f96823401163a171acb046f88e7a57a380ab8
                                                                                                                                                                                  • Instruction Fuzzy Hash: DA218E4DB2026287CF701F7C850123BA2F5AFA4755F25182FE8C8D7390FAA98C82C395
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,255BCF5F), ref: 00A518FC
                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00A5191C
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00A5194D
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00A51966
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3604237281-0
                                                                                                                                                                                  • Opcode ID: 055f48195572078b5d8d0316057cc06a0eff5d84b85ca0ad1c82a4f8103e8911
                                                                                                                                                                                  • Instruction ID: 23ca2eefb8fd533a3a97f8a2e8fe3949cdd298231bc0d2704661c7fb053910f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 055f48195572078b5d8d0316057cc06a0eff5d84b85ca0ad1c82a4f8103e8911
                                                                                                                                                                                  • Instruction Fuzzy Hash: A3217F70A40315EFD720DF54DC49FAABBF8FB05B14F20412AF910AB2C0E7B45A058795
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A6A457
                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00A6A466
                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00A6A46F
                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00A6A47C
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                  • API String ID: 0-3019864461
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • EncodePointer.KERNEL32(00000000,?), ref: 00A6D44B
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: EncodePointer
                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 00A48356
                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,255BCF5F), ref: 00A483C5
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConvertFreeLocalString
                                                                                                                                                                                  • String ID: Invalid SID
                                                                                                                                                                                  • API String ID: 3201929900-130637731
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00A51020: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,255BCF5F,?,00A8B110,000000FF), ref: 00A51047
                                                                                                                                                                                    • Part of subcall function 00A51020: GetLastError.KERNEL32(?,00000000,00000000,255BCF5F,?,00A8B110,000000FF), ref: 00A51051
                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,00A9ECF8), ref: 00A52378
                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00A9ECF8), ref: 00A52387
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A52382
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                  • API String ID: 3511171328-631824599
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000028,255BCF5F,?,00000000,?,?,?,00A8BB00,000000FF,?,00A464FE,00000000,?), ref: 00A46DD4
                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,00A8BB00,000000FF,?,00A464FE,00000000), ref: 00A46E8A
                                                                                                                                                                                  • LocalFree.KERNEL32(?,255BCF5F,00000000,00A8B110,000000FF,?,00000000,00000000,00A8BB00,?,255BCF5F), ref: 00A46F1D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Local$Free$Alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3098330729-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,80000022,?,?,?,00000000,?,?,00000000,?), ref: 00A44B56
                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,7FFFFFFF,?,?,?,00000000,?,?,00000000,?), ref: 00A44BA0
                                                                                                                                                                                  • LocalFree.KERNEL32(7FFFFFFE,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00A44C22
                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,255BCF5F,00000000,00000000,Function_0004B020,000000FF,?,?,00000000,?,?,00000000,?), ref: 00A44CAD
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Local$AllocFree
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2012307162-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,00A7D268,?,00A6E0E9,?,?,?,?,?,?,00A4163C,?,?,00000020), ref: 00A7D0B1
                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,000000FF,?,00A6E0E9,?,?,?,?,?,?,00A4163C,?,?,00000020), ref: 00A7D0CB
                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000000,00000000,?,000000FF,?,00A6E0E9,?,?,?,?,?,?,00A4163C,?,?), ref: 00A7D101
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000014.00000002.22758543487.0000000000A41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                  • Associated: 00000014.00000002.22758483904.0000000000A40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758690352.0000000000A8F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758860286.0000000000AA2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  • Associated: 00000014.00000002.22758911364.0000000000AA7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_a40000_MSI751E.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                                  • Opcode ID: ad21584003cbf8a022f1769070640a3c4a55908b5e88066f6735976591511c4a
                                                                                                                                                                                  • Instruction ID: bdb0e0dc0dbb6e55ec755792c41dc61c32d32144bb98c453fb73bd2988aa57fe
                                                                                                                                                                                  • Opcode Fuzzy Hash: ad21584003cbf8a022f1769070640a3c4a55908b5e88066f6735976591511c4a
                                                                                                                                                                                  • Instruction Fuzzy Hash: C801D8322042017EE71177F4BD8AE6F2A79EF467B4B50C239FA0D941A7EB504C035791

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:2.1%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:0.3%
                                                                                                                                                                                  Total number of Nodes:637
                                                                                                                                                                                  Total number of Limit Nodes:32

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: QueryPerformanceCounter.KERNEL32 ref: 00007FF7C101CF29
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101CF89
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101CFD9
                                                                                                                                                                                  • CreateFileW.KERNELBASE ref: 00007FF7C0EDDE3A
                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF7C0EDDE48
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,chrome.dll), ref: 00007FF7C0EDDE76
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,chrome.dll), ref: 00007FF7C0EDDEE1
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,chrome.dll), ref: 00007FF7C0EDDEF3
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32 ref: 00007FF7C0EDDF5C
                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 00007FF7C0EDDF6C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$ExclusiveLock$AcquireAddressCounterCreateFileHandleModulePerformanceProcQueryRelease
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$DoInitialize$GetHandleVerifier$chrome.dll
                                                                                                                                                                                  • API String ID: 3329152108-1597322536
                                                                                                                                                                                  • Opcode ID: 0cd5c99745ac3dc7b7e7c5eb1476276c80daf932414559da515ba4cd568303ff
                                                                                                                                                                                  • Instruction ID: 1987ae746a0075f6a9236762581423ca3ad0e32b39df46009f0ed6883f18f99c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cd5c99745ac3dc7b7e7c5eb1476276c80daf932414559da515ba4cd568303ff
                                                                                                                                                                                  • Instruction Fuzzy Hash: A471FE21B1C64682FB25BF15A455BB8A791FB91BA0F885434DE0E87B90CF7CF455C3A0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                  • Opcode ID: f553015655abf721a4e02bec845a4e1b7a8a300cb897d197ecb37415c9be64fe
                                                                                                                                                                                  • Instruction ID: 12d45c5fe993ab84c4a963bc13e30826d83de05ae6c4668b870ff23f2c7dfcf7
                                                                                                                                                                                  • Opcode Fuzzy Hash: f553015655abf721a4e02bec845a4e1b7a8a300cb897d197ecb37415c9be64fe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 46E1B032A08B4586EB14EF25E854279B7A1FB48BB4F894231DA6E837D4DF3DE445C360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76572
                                                                                                                                                                                  • VirtualFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F765D6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                  • Opcode ID: 194675e2e99414a8811d657dfa2e25dcdc2f047f1ac8ba3c8209b07d08d130b1
                                                                                                                                                                                  • Instruction ID: 3a2b19aa73f8e5b5e822c6a3985e486398cca456ff70ae244f9d2fc8fedee716
                                                                                                                                                                                  • Opcode Fuzzy Hash: 194675e2e99414a8811d657dfa2e25dcdc2f047f1ac8ba3c8209b07d08d130b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E51D611B1D62242FE18AF66590963D9A897F45FF8FC44834ED0E87B90EF7CF44286A1

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressCurrentDirectoryLibraryLoadParametersProcProcessShutdown
                                                                                                                                                                                  • String ID: ..\..\chrome\app\main_dll_loader_win.cc$ChromeMain$Failed to load Chrome DLL from $chrome.dll$no-pre-read-main-dll
                                                                                                                                                                                  • API String ID: 4180520086-2186460328
                                                                                                                                                                                  • Opcode ID: e0ea36fd9982c7444e3d220c40a1b184886d4c2b9419d1a2e384c889dcd78e76
                                                                                                                                                                                  • Instruction ID: 8b19779e72cfb00bfd36a859f5eb3261dc36f7454560173f5ad638ddaf7a6bcf
                                                                                                                                                                                  • Opcode Fuzzy Hash: e0ea36fd9982c7444e3d220c40a1b184886d4c2b9419d1a2e384c889dcd78e76
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61C15C21A48B8281EB20FF15F0553B9A360FB85BA4F855132EA5E47B95DFBCF184C760

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                  • String ID: ..\..\base\files\memory_mapped_file_win.cc$MapImageToMemory$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 749074358-923734411
                                                                                                                                                                                  • Opcode ID: 22b950ed1e1b762d64ca26cb8eec077c0d14983904bd0af3fc5f0d6c0bb210a3
                                                                                                                                                                                  • Instruction ID: 5d5e961c90e9f99085eda85a75b741d14153a6ac5be244f19c2ab4a3c08b104a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b950ed1e1b762d64ca26cb8eec077c0d14983904bd0af3fc5f0d6c0bb210a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D416F32A0CA8682EB20BF24E0553BAE361FF80764F845136DA9E47B95DF7DE145C360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,00000000,?,00007FF7C0F7654F,?,?,?,?,?,00000000,?), ref: 00007FF7C0F767D6
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F767FD
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76819
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76836
                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F7684A
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76858
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF7C0F7654F,?,?,?,?,?,00000000), ref: 00007FF7C0F7687B
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF7C0F7654F,?,?,?,?,?,00000000), ref: 00007FF7C0F76898
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireAllocErrorLastReleaseVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 527672694-0
                                                                                                                                                                                  • Opcode ID: cc1304fdf6f16a4824ded2f2e19ac6a6a428a03f31efcf2752814b012e07f392
                                                                                                                                                                                  • Instruction ID: a02b4b3a9aee8eadce2775ded089a9fa358e3e1586769811cafe8b88550278f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc1304fdf6f16a4824ded2f2e19ac6a6a428a03f31efcf2752814b012e07f392
                                                                                                                                                                                  • Instruction Fuzzy Hash: E8216D21A1C91B97FB11BF15B8484B8A365BF58FB4FC40471E91D42B60DF6CB98AC3A1

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000019.00000002.22787539426.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788336309.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788402164.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788453890.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788495132.00007FF7C1195000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788556835.00007FF7C1196000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788636199.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788739580.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788801597.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788868513.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AcquireExclusiveLock
                                                                                                                                                                                  • String ID: W$@n
                                                                                                                                                                                  • API String ID: 4021432409-2671980476
                                                                                                                                                                                  • Opcode ID: 4ae8ff0c7d4120d0f58d42ea9cebb1e69520ee54ac295f9a22a09cd7d73a8d37
                                                                                                                                                                                  • Instruction ID: 1f6371ad26121ad1822c86f5e07b196195311d231545c7f5382e672d63c320f5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ae8ff0c7d4120d0f58d42ea9cebb1e69520ee54ac295f9a22a09cd7d73a8d37
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F12C132A48B4282EB15BF29D4442B9A7A1FB55BA4F884135DF5D83790DF7DF482C3A0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 1646373207-3663164917
                                                                                                                                                                                  • Opcode ID: 2cdc4ccc8f2c4de90e4230421cb493d574fd9b71b754d2a57939199ba8166801
                                                                                                                                                                                  • Instruction ID: 5b19598acda196de9a54413d780b9ffcdb6dc6f9360929e05466c33b1c59ffc9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cdc4ccc8f2c4de90e4230421cb493d574fd9b71b754d2a57939199ba8166801
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53416E31A0CA8681FB21BF15F5553B9E361AF80BA4FC54035DA8E47795DEBCE186C360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C109637B
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C10963B1
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C10963DE
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C10963EF
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C1096400
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C109641B
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  • Opcode ID: b6577db9dae4a426543507c67470ffa707cb7943790ec4dfbef65006e9aa635d
                                                                                                                                                                                  • Instruction ID: 2aa7348e80171b981770485b206ffb3403ea809a71a7a553cfad81aa936e4fd4
                                                                                                                                                                                  • Opcode Fuzzy Hash: b6577db9dae4a426543507c67470ffa707cb7943790ec4dfbef65006e9aa635d
                                                                                                                                                                                  • Instruction Fuzzy Hash: B9114D20A0C24642FB54BF71A561139E2969F84BB4F968634D83E47BC6EEACA4C34320

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2f773729c2e95860428d67b6b2319d8133d7c25518e3418408354b9cb3334820
                                                                                                                                                                                  • Instruction ID: b4ff87a165541496e6e59c8eaa1fe95512464b427e0eda1184f93afdac5bcf61
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f773729c2e95860428d67b6b2319d8133d7c25518e3418408354b9cb3334820
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0991D132B18A0582EB249F29E8547B9B3A4FB44BB0F844635EB6E877D4DF7CE4518350

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,00007FF7C0FD74E1,?,?,?,?,?,?,?,?), ref: 00007FF7C0F0DA29
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,00007FF7C0FD74E1,?,?,?,?,?,?,?,?), ref: 00007FF7C0F0DA50
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CE70: AcquireSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C0F90F83,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CE80
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDA4
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDE4
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1678258262-0
                                                                                                                                                                                  • Opcode ID: 1c219d54edd95529ae60d437d7a7b2478afd7701bc8689168f2ea21abcc9a51f
                                                                                                                                                                                  • Instruction ID: 5ca5034ba0ab52c6d1311af6b9ff99b347b2e9220b2fc736b7b25d04a6780e9c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c219d54edd95529ae60d437d7a7b2478afd7701bc8689168f2ea21abcc9a51f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E512A71A0DA4682FB50BF11F9513B8B3A1AB80B74F854131D96E467A1DF7CB486C7A0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentMemoryPrefetchProcessVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3768025762-0
                                                                                                                                                                                  • Opcode ID: 0ff2398a4f1d4b5d869af8df682b44401bbc5695536bc8d54a13d8b967c66fd2
                                                                                                                                                                                  • Instruction ID: 7dff248c660741da7fd0aaf33baa86056bcfa54fcc9eb031926eb163b4c8bd05
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ff2398a4f1d4b5d869af8df682b44401bbc5695536bc8d54a13d8b967c66fd2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C31C621A18B8782EB20BF14F4557B9A360FF84BA4F901130EA8D87B90DF3DE0479750

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EDCA5A
                                                                                                                                                                                    • Part of subcall function 00007FF7C0EDDCC0: CreateFileW.KERNELBASE ref: 00007FF7C0EDDE3A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateErrorFileLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1214770103-0
                                                                                                                                                                                  • Opcode ID: 58664ec04857cc381e1591c15c080af573fb7fe3d96741016d5d6d999069e1ac
                                                                                                                                                                                  • Instruction ID: 8625b55745dea44cadc4a073df6345e9a8415e0caaeb4b3c9b55b390ae76c9ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: 58664ec04857cc381e1591c15c080af573fb7fe3d96741016d5d6d999069e1ac
                                                                                                                                                                                  • Instruction Fuzzy Hash: B621AC32A5871681FB10BF56A8A1379A290EF85BF0F95A031DE5E83791CF7CA4428360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateErrorFileLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1214770103-0
                                                                                                                                                                                  • Opcode ID: ee576b69f98ebe7c32e511e1ae41c1147952b0af6abece6b73afa0afe7d304b5
                                                                                                                                                                                  • Instruction ID: a175cc47723ef8c08413b37bf20a34664d447aa3905639ef201b17035b62b5e4
                                                                                                                                                                                  • Opcode Fuzzy Hash: ee576b69f98ebe7c32e511e1ae41c1147952b0af6abece6b73afa0afe7d304b5
                                                                                                                                                                                  • Instruction Fuzzy Hash: A301DF3262864642FA20BF12A815379A3D0AB88FE0FD55030EE4D47B81CE7CE0428720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$AddressLibraryLoadLongNamePathProc
                                                                                                                                                                                  • String ID: %08x-%04x-%04x-%04x-%012llx$..\..\base\files\file_util_win.cc$.tmp$CreateAndOpenTemporaryFileInDir$ProcessPrng$ScopedBlockingCall$bcryptprimitives.dll
                                                                                                                                                                                  • API String ID: 4272338124-2622647645
                                                                                                                                                                                  • Opcode ID: ac90bdb4579461c0db4d2b2ef4530ac117fa401f6763bb0df26c7555c3285f72
                                                                                                                                                                                  • Instruction ID: 7803fa3a4996ed072b8628139a116deea7080a33d664f151a166812f4ee25dff
                                                                                                                                                                                  • Opcode Fuzzy Hash: ac90bdb4579461c0db4d2b2ef4530ac117fa401f6763bb0df26c7555c3285f72
                                                                                                                                                                                  • Instruction Fuzzy Hash: C8025A32A0CBC586EB31AF15E5403EAA3A1FB94BA4F844131DA8D43BA5DF7CE185C750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$CurrentThread
                                                                                                                                                                                  • String ID: ..\..\base\threading\thread.cc$Histogram.TooManyBuckets.1000$Run
                                                                                                                                                                                  • API String ID: 1060291769-1462052136
                                                                                                                                                                                  • Opcode ID: 8bc003a29b2d11d6ef5f4c06b0fc5a257282ed839bbc85e3e5978bd4935fa477
                                                                                                                                                                                  • Instruction ID: 8231985dc0e56458a3b519ca838f01ba1ceb4f8661a1feaf75c0e813850e1938
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bc003a29b2d11d6ef5f4c06b0fc5a257282ed839bbc85e3e5978bd4935fa477
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F1D322A08A4682EB14FF21E5503B9E3A0FF44BA4F944535DA5E87795DF7CF581C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLockRelease
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc$PERFETTO_CHECK(protobuf_stream_writer_.bytes_available() != 0)$PERFETTO_CHECK(was_always_bound_)$Shared memory buffer max stall count exceeded; possible deadlock (errno: %d, %s)
                                                                                                                                                                                  • API String ID: 1766480654-1852863068
                                                                                                                                                                                  • Opcode ID: f146be659d9773f0a338365d970d3be5a8573640604a25a8178e3dbd77c899b4
                                                                                                                                                                                  • Instruction ID: 4ce6d6d09bf684398d971b051a3986f4f21793b7ec30e89c7e99e52fa4b87d5d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f146be659d9773f0a338365d970d3be5a8573640604a25a8178e3dbd77c899b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CD1C232A08A4A86EB50FF15E4403AAB3A0FB44BA4F904135DB5D47BA0DF7DE595CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2845919953-0
                                                                                                                                                                                  • Opcode ID: 4a2460e5feea845d0770e649b0e8a0a5084ed27ae922f44dc6b7649c15f2d7bc
                                                                                                                                                                                  • Instruction ID: 755fbec29cb89cf98477791e009a12e6f8b087b35e063df928d6acd408be0ba5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a2460e5feea845d0770e649b0e8a0a5084ed27ae922f44dc6b7649c15f2d7bc
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9517E25E18A4687F711FF35F855179E362AF45BB0F914232D92E132A1EFBCA486C360
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: disable-gpu-sandbox$no-sandbox$service-sandbox-type$type
                                                                                                                                                                                  • API String ID: 0-1293740873
                                                                                                                                                                                  • Opcode ID: cc46e0458301b2c9169679e19c5564f398676fff2f282d5fbf87311733356bca
                                                                                                                                                                                  • Instruction ID: 89568bd308166147327161a705bb3db558f5481a0bc61ab4beb0cf58708c44a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc46e0458301b2c9169679e19c5564f398676fff2f282d5fbf87311733356bca
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B02B132A0C64382FB50BF21E9106B9A362EF99BB4F945132DA4E93790DF6CF545C760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                  • String ID: ..\..\base\files\memory_mapped_file_win.cc$MapFileRegionToMemory$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 749074358-2278429350
                                                                                                                                                                                  • Opcode ID: 4c77c7efc00130e07401c273a9a497690e5cb643d02c2d62b402c14e03f8df10
                                                                                                                                                                                  • Instruction ID: 2226ae7853da908dab5457fe6da163ba9b44b24b35cf07fa1a6ca23c18584d08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c77c7efc00130e07401c273a9a497690e5cb643d02c2d62b402c14e03f8df10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7661D221B1CA8A82EB20BF65E4553BAE3A1EF447A4FC45031DA5E43755DF7DF0458360
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fc254ab4d10dfe2c5b3e670c683d19ac2b36901da03d51e1e47ee7964f30d9cc
                                                                                                                                                                                  • Instruction ID: 59453c6449200a0c2319ea53cc65f421fb4cbeba2a1b033f350f72ef105d997c
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc254ab4d10dfe2c5b3e670c683d19ac2b36901da03d51e1e47ee7964f30d9cc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 97F1D222B18A4586EB14AF19E418379B7A1FB44BB0F840631EA2D877E4DF7CF585C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$Locale$ErrorInfoLastValid$CodeDefaultEnumLocalesPageSystemUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1706690794-0
                                                                                                                                                                                  • Opcode ID: d6fc0111985f954ec5a0db9ef814e8438fc5fc14d2694b487c4247d0c6ba58d2
                                                                                                                                                                                  • Instruction ID: e8b4fd41b862c864efb2023a47212e39a6a9c5076877ae849fd78faf09898eb3
                                                                                                                                                                                  • Opcode Fuzzy Hash: d6fc0111985f954ec5a0db9ef814e8438fc5fc14d2694b487c4247d0c6ba58d2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18716B22F186428AFB10FF61D460ABCA3A4BF49B64FC54035DA1D53695DFBDE885C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                  • Opcode ID: ae3be572568f24c9e2d70560a2f5b2d1de07effebe944d51838e4ed41909b91e
                                                                                                                                                                                  • Instruction ID: ce420205b789ba9dc1be6ad96ed58f9bfa3329614f45a30981bf53988cf68d9e
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae3be572568f24c9e2d70560a2f5b2d1de07effebe944d51838e4ed41909b91e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B31A536618F8186E760DF25E8402EEB3A0FB887A4F940136EA8D43B54DF7CC595CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                  • Opcode ID: 220e77a53ef1a17a3be08ba79c58693656147ab1c29a76232f106e82a093aba7
                                                                                                                                                                                  • Instruction ID: 22be2e3763e4ce7e0b21dc09a87c0e17b9e6f4c281bad39076dbf54f61d1b025
                                                                                                                                                                                  • Opcode Fuzzy Hash: 220e77a53ef1a17a3be08ba79c58693656147ab1c29a76232f106e82a093aba7
                                                                                                                                                                                  • Instruction Fuzzy Hash: AB118E25E0C24383FB54AF21B62057AE360BF44BA4FC55035EA5A43685DFACF881C760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: ..\..\third_party\perfetto\src\protozero\static_buffer.cc$Static buffer too small (errno: %d, %s)
                                                                                                                                                                                  • API String ID: 17069307-1723169051
                                                                                                                                                                                  • Opcode ID: 5139f0a85a3de955032f58c729ed5b9257e74cc2c64a7362f98c413b228d9f7f
                                                                                                                                                                                  • Instruction ID: aeaf0a6d185eac88824987722a78aeb3814a8b15eacc25cfa795ab512e61bc82
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5139f0a85a3de955032f58c729ed5b9257e74cc2c64a7362f98c413b228d9f7f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3112D122A09A8186EB20AF25D45037DB7A4FB94BA8F948235DB8D43B95DF3CF495C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32 ref: 00007FF7C101CF29
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101CF89
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101CFD9
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101D1FE
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101D39E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                  • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$ScopedBlockingCall$chrome.dll$enable-background-thread-pool
                                                                                                                                                                                  • API String ID: 1190089479-3721307498
                                                                                                                                                                                  • Opcode ID: fd1f6e008e67268f21c37c88b0100117a9d8827a2b4519f56469344693209d38
                                                                                                                                                                                  • Instruction ID: 799d8413f59191c4aa62fd3020672b8adfe22c1865d5c7e7d882e1e7049a36a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd1f6e008e67268f21c37c88b0100117a9d8827a2b4519f56469344693209d38
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61028C31A08A4686EB54FF11E4483B9B7A1EB44B74FE64135D96E423A1EFBCF485C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$CompletionEventPostQueuedStatus
                                                                                                                                                                                  • String ID: Chrome.MessageLoopProblem.COMPLETION_POST_ERROR$Chrome.MessageLoopProblem.MESSAGE_POST_ERROR$I$ScheduleWork$ScheduleWorkToSelf$WaitableEvent::Signal
                                                                                                                                                                                  • API String ID: 3823919964-1721350857
                                                                                                                                                                                  • Opcode ID: 079834976e3c9889d1dbaf4282a8bc1f38e969f0af46479a2bcc07e57ee33aa5
                                                                                                                                                                                  • Instruction ID: 72bb956fbaf29e037a0474b80b31f00bd87ddd534bd108ce387a10409682652f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 079834976e3c9889d1dbaf4282a8bc1f38e969f0af46479a2bcc07e57ee33aa5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1691C635608A4286FB20AF14F5903BAF7A1EB44BA4FC54135DA8D077A4DFADE585C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 593636287-0
                                                                                                                                                                                  • Opcode ID: b697706649042c1499998c34791b68cf3591d20dff5812882a7b6ebb46ac9399
                                                                                                                                                                                  • Instruction ID: b0787b5a63de5bfda300c1dd0a6da01e9c87990073365c2e18adfe9f45399fe5
                                                                                                                                                                                  • Opcode Fuzzy Hash: b697706649042c1499998c34791b68cf3591d20dff5812882a7b6ebb46ac9399
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC1C622A08A4681EB11BF21E654379A761FF44BB4F974132DA4E67690EFBCE4C1C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 593636287-0
                                                                                                                                                                                  • Opcode ID: 6de5c40d0db44cba04cfc1a0ff9a8a7597ea320e950796035997b45bdbe35b2f
                                                                                                                                                                                  • Instruction ID: 910e0d9157bb005b1d7be1b1e529a226c2f712023582d399ac843f0d5d425f17
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6de5c40d0db44cba04cfc1a0ff9a8a7597ea320e950796035997b45bdbe35b2f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 22C1C022A0CB4681EB21AF21A510379A361BF45FB4F854232DA5E97790DF7DF4C2C3A4
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2824607059-0
                                                                                                                                                                                  • Opcode ID: 76c09965ada01b5d92c6eee0f2b6c33fa6b5908643c7299a9d6531ba0fa746a0
                                                                                                                                                                                  • Instruction ID: 419afeb31fe5a3b2158acbcaecda085bdfc1d8a54c23ef80c53bac14518c86b7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c09965ada01b5d92c6eee0f2b6c33fa6b5908643c7299a9d6531ba0fa746a0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C61B221A0960686EF65BF15A914239A364BF45FB5F9A0971CD1E873E0CFBCE8C5C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000019.00000002.22787539426.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788336309.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788402164.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788453890.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788495132.00007FF7C1195000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788556835.00007FF7C1196000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788636199.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788739580.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788801597.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788868513.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                  • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$enable-background-thread-pool
                                                                                                                                                                                  • API String ID: 1190089479-3676744455
                                                                                                                                                                                  • Opcode ID: 9500ba63d2e51878e0ab6cbc504d39f53d47ea98fae46462e4ff44037ca09d57
                                                                                                                                                                                  • Instruction ID: 8d0e70f41354d58261ba25ca151f677f6e5289287b0b33160cc42c17058f2000
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9500ba63d2e51878e0ab6cbc504d39f53d47ea98fae46462e4ff44037ca09d57
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53027C21A0CB4686EB54FF55E8443B9A3A1AB44B74FD54131DA2E833A1DF7CF486C7A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$LocalTime
                                                                                                                                                                                  • String ID: )] $:.#$UNKNOWN$VERBOSE
                                                                                                                                                                                  • API String ID: 3586426482-1244416384
                                                                                                                                                                                  • Opcode ID: 0a53c9bab6da4d70b746ef184e061a2fda3b849d4194311a3877cfbee643182c
                                                                                                                                                                                  • Instruction ID: 846aeeb7626d9daa083905fa2fdb573ec1cebc51fd3f6e648863fddc5e5ca996
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a53c9bab6da4d70b746ef184e061a2fda3b849d4194311a3877cfbee643182c
                                                                                                                                                                                  • Instruction Fuzzy Hash: B0C1BD22709A4286EB10FF15E4502BAA7A0EB85FA4FC48035EE4E877A5DF7DF541C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7C101DDA9,?,?,?,?,00007FF7C0FD8AE0), ref: 00007FF7C101DF08
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7C101DDA9,?,?,?,?,00007FF7C0FD8AE0), ref: 00007FF7C101DF18
                                                                                                                                                                                    • Part of subcall function 00007FF7C0F730F0: WaitForSingleObject.KERNEL32 ref: 00007FF7C0F730FA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleObjectProcSingleWait
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
                                                                                                                                                                                  • API String ID: 2452614001-2914896919
                                                                                                                                                                                  • Opcode ID: 42e8eb2c469e36b7b20fc518d773d812646bd63cbc604963905f822b1bbc8a86
                                                                                                                                                                                  • Instruction ID: ca5cc6135aa7c65538706451114008a1b65f9020e85a889d50014b6c9756f9b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 42e8eb2c469e36b7b20fc518d773d812646bd63cbc604963905f822b1bbc8a86
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D518D31A0CA4682FF54BF15F4542B9B3A2AF80BA4FD21036D95D473A1EFACE585C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7C109717C,?,?,00000000,00007FF7C1099D5F,?,?,E0000008,00007FF7C108090D), ref: 00007FF7C109750C
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF7C109717C,?,?,00000000,00007FF7C1099D5F,?,?,E0000008,00007FF7C108090D), ref: 00007FF7C1097518
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                  • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                  • API String ID: 3013587201-2431898299
                                                                                                                                                                                  • Opcode ID: f3a0e931aee21bcdf5bbb018868af67f807ca3288ca5dcab4f5a2cde0f8af77d
                                                                                                                                                                                  • Instruction ID: 12f2996bc08f859627b37c79adf57a2956463908a7a94406b5c86a51d4a801cd
                                                                                                                                                                                  • Opcode Fuzzy Hash: f3a0e931aee21bcdf5bbb018868af67f807ca3288ca5dcab4f5a2cde0f8af77d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B415622B1960242FB15EF16B824A79A391BF45BB0FCA8035CD0D87795EF7CE884C760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ..\..\base\task\sequence_manager\work_tracker.cc$E$ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$WaitNoSyncWork
                                                                                                                                                                                  • API String ID: 1678258262-2415033031
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 4275029093-1090674830
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                  • String ID: MZx$api-ms-
                                                                                                                                                                                  • API String ID: 2559590344-259127448
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$ExclusiveLock$Acquire$CounterPerformanceQueryRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1818721922-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF813C
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF8179
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF81E3
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CE70: AcquireSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C0F90F83,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CE80
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF824C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$ReleaseValue
                                                                                                                                                                                  • String ID: ..\..\third_party\perfetto\src\protozero\static_buffer.cc$Static buffer too small (errno: %d, %s)
                                                                                                                                                                                  • API String ID: 2488027873-1723169051
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                  • String ID: ..\..\base\win\message_window.cc$Chrome_MessageWindow$Failed to create a message-only window$Failed to register the window class for a message-only window$MZx
                                                                                                                                                                                  • API String ID: 1452528299-3236826998
                                                                                                                                                                                  • Opcode ID: 4f93c8160a6040498567458eac20764e1bafae68049ee32a3ea32841cc293b73
                                                                                                                                                                                  • Instruction ID: a4f841842287804b5b347544e9cda3a01fe09e6a19837d186760ccb5a824fc89
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f93c8160a6040498567458eac20764e1bafae68049ee32a3ea32841cc293b73
                                                                                                                                                                                  • Instruction Fuzzy Hash: E871AD31A4CA4A82FB54BF14E9403B9A3A1FF44BA4FD04132D96D467E1EFACE042C761
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_abi.cc$PERFETTO_CHECK(reinterpret_cast<uintptr_t>(begin) % kChunkAlignment == 0)$PERFETTO_CHECK(size > 0)
                                                                                                                                                                                  • API String ID: 17069307-524348897
                                                                                                                                                                                  • Opcode ID: 24c12f9b734c66b48824b418af82ee4fb2652749d259f3fffe367a07e690f8a6
                                                                                                                                                                                  • Instruction ID: f9dad7a24991474934937ed5288353cce82d932d8c169977d9a15f9c11d31356
                                                                                                                                                                                  • Opcode Fuzzy Hash: 24c12f9b734c66b48824b418af82ee4fb2652749d259f3fffe367a07e690f8a6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8451E122A0869982F755BF25E4047ADB7A4FF44B64F848135EE5C43790DF7CE4A2C364
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4258034872-0
                                                                                                                                                                                  • Opcode ID: 613fecbf0c6430462b5f777b0508cb0a7c1c3067a5e4db70d5dee71cd6ac4b07
                                                                                                                                                                                  • Instruction ID: 6fc6bc62917ff4e49d2c1790f2d3507a9f6e61a573886cfa4d004a857d9ab019
                                                                                                                                                                                  • Opcode Fuzzy Hash: 613fecbf0c6430462b5f777b0508cb0a7c1c3067a5e4db70d5dee71cd6ac4b07
                                                                                                                                                                                  • Instruction Fuzzy Hash: D141C722F0565686EB16AF21A800379E360FB54BF5F9549B2DE1D07790DFBC98C5C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ..\..\base\threading\hang_watcher.cc$UnregisterThread$it != watch_states_.end()
                                                                                                                                                                                  • API String ID: 1678258262-1505799933
                                                                                                                                                                                  • Opcode ID: 037edcb94c590b72f4ed389da50c4a7365bfd6ceb50492b2ecc5018b07b16730
                                                                                                                                                                                  • Instruction ID: e774ab63ba880df668f5b57fe0e4c1a3f4b47dd5d186009a7feb63b14fb902b2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 037edcb94c590b72f4ed389da50c4a7365bfd6ceb50492b2ecc5018b07b16730
                                                                                                                                                                                  • Instruction Fuzzy Hash: B4514C62B49A0A81EB55FF11E454279A3A0BB44FB4F854431DE2E47790EF7CF842C364
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressCurrentFreeHandleLocalModuleProcThread
                                                                                                                                                                                  • String ID: GetThreadDescription$Kernel32.dll
                                                                                                                                                                                  • API String ID: 4205643583-415897907
                                                                                                                                                                                  • Opcode ID: ffb13398a3542e26dfa457546c8eab5d4c12ac0b9a61c8aef060f9ef20f07efd
                                                                                                                                                                                  • Instruction ID: 74b6ab9463c924a1ac37be5feb1e19a97064d2796fd9792cdf094e890a03f718
                                                                                                                                                                                  • Opcode Fuzzy Hash: ffb13398a3542e26dfa457546c8eab5d4c12ac0b9a61c8aef060f9ef20f07efd
                                                                                                                                                                                  • Instruction Fuzzy Hash: EB417A32A09A4682EB14FF15E954179A3A1AF44BB0FD40131DA2E877A4DF7DF486C7A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ..\..\base\memory\shared_memory_tracker.cc$DecrementMemoryUsage$it != usages_.end()
                                                                                                                                                                                  • API String ID: 1678258262-3010543142
                                                                                                                                                                                  • Opcode ID: bc1b4013e630dcee6112208a7e82479b1f1fa2a601f6c2764bf8402031e014a8
                                                                                                                                                                                  • Instruction ID: dc928e7a4ac5be8d3b8a989581e48854c7616eb5d892957fd3a7c37650c60d0b
                                                                                                                                                                                  • Opcode Fuzzy Hash: bc1b4013e630dcee6112208a7e82479b1f1fa2a601f6c2764bf8402031e014a8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E416B6AB09A8682EF14EF129514179E3A1BF19FE4F858432DE0D0B754DFBCE895C320
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandle$ErrorLast
                                                                                                                                                                                  • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                                                                                                                                                  • API String ID: 1798101686-1661544796
                                                                                                                                                                                  • Opcode ID: 2ae72de8744ba8cfa9121e3a2b89fdfd9fb1e1fb64acca0abaf814389d87283a
                                                                                                                                                                                  • Instruction ID: 89e2be8311233a0645d65cbd69517afe9037d9f7b6d2b7c119a6e2c5a648c01b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ae72de8744ba8cfa9121e3a2b89fdfd9fb1e1fb64acca0abaf814389d87283a
                                                                                                                                                                                  • Instruction Fuzzy Hash: F731AF21B1C64782FB20BF21B8562BAE360AF41BA4FD14035D90D86B95DFACF586C770
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$AddressCreateEventHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 687412823-1090674830
                                                                                                                                                                                  • Opcode ID: 2a46b3b27b395f8b706b82bf48550544c70c43b5e9856c00a6b2a1ba83b87e1d
                                                                                                                                                                                  • Instruction ID: 3f4108dce368522762f1deca0a57d65223adac71a6e13f291a4906d5dcb61e1d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a46b3b27b395f8b706b82bf48550544c70c43b5e9856c00a6b2a1ba83b87e1d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F318E35A0D74B82FB29AF25B558779E251AF45BA0FC58434CA4E43790DFBCA485C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  • Opcode ID: 7ebc734ee44cc287cad0a22565030c003ffc5dcdd7282fed80855bba93b1f86c
                                                                                                                                                                                  • Instruction ID: eeabd17e2224e9ecd293601455b7d7dbb82d5a36a099f549c64a357c1aad404f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ebc734ee44cc287cad0a22565030c003ffc5dcdd7282fed80855bba93b1f86c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E219220B0D64642FB18BFA1A565139D2925F84BB0F864734D83E47BD6EEACB4838320
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00007FF7C0EEA317
                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA330
                                                                                                                                                                                  • SetThreadInformation.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA34D
                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA364
                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00007FF7C0EEA383
                                                                                                                                                                                  • SetThreadInformation.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA39A
                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA3C3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$Priority$CurrentInformation
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3180331770-0
                                                                                                                                                                                  • Opcode ID: b6050db19ba1334f646b28b39040b34b330af5d0dbeaa66ae66bc0229ad75e65
                                                                                                                                                                                  • Instruction ID: 4aa0f161a6ba684ee9f1c237ed2f01945c654fbc17d372a90e7c99fd29105bf3
                                                                                                                                                                                  • Opcode Fuzzy Hash: b6050db19ba1334f646b28b39040b34b330af5d0dbeaa66ae66bc0229ad75e65
                                                                                                                                                                                  • Instruction Fuzzy Hash: 10218E31A18A1683E710BF21F95466DA2A0AF88FB0F954135DD1E43B94DF7CF8468760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                  • Opcode ID: 741978a0998bfc87aef89c81d378bf6149570891829d04740e769a4e84b9bfcb
                                                                                                                                                                                  • Instruction ID: 3d1ca0230f9321788916345f1f78ba2077f9013cf48e0c0cfa265218ad6845a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 741978a0998bfc87aef89c81d378bf6149570891829d04740e769a4e84b9bfcb
                                                                                                                                                                                  • Instruction Fuzzy Hash: C9118131B28A4283E750AF12F854329E6A0FB88FF4F844234EA5D87794DFBCD8448750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$PERFETTO_CHECK(ptr <= chunk.end() - SharedMemoryABI::kPacketHeaderSize)
                                                                                                                                                                                  • API String ID: 17069307-3792523027
                                                                                                                                                                                  • Opcode ID: 5afaef8b43b3e78a383d903b1babb7e1887c9b35eb94b8a40b2dc3276c72710b
                                                                                                                                                                                  • Instruction ID: c003730cbf363250fad336652f0b8820c0cc12c06ee42e15e58bd397e5533628
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5afaef8b43b3e78a383d903b1babb7e1887c9b35eb94b8a40b2dc3276c72710b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84F1E132A0878586E754EF25E04036EBBA0FB84B64F448136EBAD83794DF7CE492C750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: Histogram.MismatchedConstructionArguments
                                                                                                                                                                                  • API String ID: 1678258262-1291613963
                                                                                                                                                                                  • Opcode ID: 5e4665ff32823282a26e0efbf0f47b0d54b8d2c841dc2afd416d3b0991948777
                                                                                                                                                                                  • Instruction ID: 0e22efd36e4c35bbf17df2d1a68e8b1d655c09e17220e30364ddaf7fd84a1f30
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e4665ff32823282a26e0efbf0f47b0d54b8d2c841dc2afd416d3b0991948777
                                                                                                                                                                                  • Instruction Fuzzy Hash: E1D1C322B0974682EB20EF15E44037AA3A0FB89BE4F928531DE4D47399DFBCE585C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                  • String ID: MZx
                                                                                                                                                                                  • API String ID: 2718003287-2575928145
                                                                                                                                                                                  • Opcode ID: 2672e53833cb2fc68dffb8b7191d881260781bfdfc968900550d8bdf3fe9f617
                                                                                                                                                                                  • Instruction ID: 88abdbd6cb511179b4e20fe628474375b500f353309498cacc74c05d7c283ccd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2672e53833cb2fc68dffb8b7191d881260781bfdfc968900550d8bdf3fe9f617
                                                                                                                                                                                  • Instruction Fuzzy Hash: 60D11232B0CA8189F710DF65D4406ACBBB1FB44BA8B854236CE5D97F99DE78D486C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                  • String ID: ProcessPrng$bcryptprimitives.dll$xn--
                                                                                                                                                                                  • API String ID: 2574300362-110522026
                                                                                                                                                                                  • Opcode ID: 22dd28c5f545e4ae27005e6343604365e7982823b25def481a772eda2806ca82
                                                                                                                                                                                  • Instruction ID: c101751fdf527b72868f167f93ad3ebfd53ec0b9b3edbf0c2cb54b411f359872
                                                                                                                                                                                  • Opcode Fuzzy Hash: 22dd28c5f545e4ae27005e6343604365e7982823b25def481a772eda2806ca82
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC516A11B1D74642FE56BF22A9153B9D291AF45FE0F848035DD0D86B91EF6CF88683A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F1888E
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F1889E
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F188D6
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F188E6
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: b6c4fa440982b494e6df9ced0acfae9db41435414ebe8469eb72633a9ef09bdd
                                                                                                                                                                                  • Instruction ID: ac100d0b1771f9a199b993320bd73a64a8147e2a99a15455a7d2353e847c8d05
                                                                                                                                                                                  • Opcode Fuzzy Hash: b6c4fa440982b494e6df9ced0acfae9db41435414ebe8469eb72633a9ef09bdd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D410825A0DA0A82EB24BF16F6553B9A361AF40BB0FD44035C94E873A4CF7CF485C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLockLongNamePath$AcquireCounterPerformanceQueryRelease
                                                                                                                                                                                  • String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 839722070-2989128051
                                                                                                                                                                                  • Opcode ID: b4d3de17c8255d9be60315dbacc86b9690764f8e07dcecae17b070e1a7699ba5
                                                                                                                                                                                  • Instruction ID: da74facf393bc4b7c8b5b5c6d5494b2fb8150d58a57a48acda15cfb179d55238
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4d3de17c8255d9be60315dbacc86b9690764f8e07dcecae17b070e1a7699ba5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A41C621A1CA9281FB21EF25E5107F6A360BF85B64F889031DA8D43B55EFBCE1C98750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleObjectProcProcessSingleTerminateWait
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 2756416720-1090674830
                                                                                                                                                                                  • Opcode ID: ec6d47e36616f468e828ad401cebf3d2974227d9b4cdf672441ac5d583ebae92
                                                                                                                                                                                  • Instruction ID: e816b498f6bfcd8b6a602a46482d8d51710fe849cc16dac64e11f4f755c2fafc
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec6d47e36616f468e828ad401cebf3d2974227d9b4cdf672441ac5d583ebae92
                                                                                                                                                                                  • Instruction Fuzzy Hash: 54418425A1D60682FB24FF11E2543B9E261EF44BB0FC44031CA4E83791DF6CF48683A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1762409328-1090674830
                                                                                                                                                                                  • Opcode ID: 84a4a67dc84283cf48c6793d2e208855c5165b2abea69f404d72d851573b5d32
                                                                                                                                                                                  • Instruction ID: 706139073209ec0998c4bade8867db895c14c9edacdf2004d5de8aafded5d4ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: 84a4a67dc84283cf48c6793d2e208855c5165b2abea69f404d72d851573b5d32
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7931AE36A08E4682EB25AF16A540379B761BB45B60FC18431CA5E433A1DFBCE4D5C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7C103FB36
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7C103FB46
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1682205630
                                                                                                                                                                                  • Opcode ID: 0bea5f4f0fdfba0300efe2eab11ccebf0da56c765f9b07c4c0ee5e613acbdc25
                                                                                                                                                                                  • Instruction ID: c86f61f3179d40c2f63cbf2ca8576306eb23c3e69279e76097525a14db7d7aef
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bea5f4f0fdfba0300efe2eab11ccebf0da56c765f9b07c4c0ee5e613acbdc25
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B31A120A0CA8781FB25BF25F5653B9D361BF80BA4FD14031D94E437A0EEACE586C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                  • Opcode ID: 13df5ce38fb156cefe56dd94bd3652ef1bade8bf14340295928b618caeb48d88
                                                                                                                                                                                  • Instruction ID: 2dbd654c3d64f4614a67798cc567961df74a5b92684632e103b45f7f4685345e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 13df5ce38fb156cefe56dd94bd3652ef1bade8bf14340295928b618caeb48d88
                                                                                                                                                                                  • Instruction Fuzzy Hash: 40F0C261B2970682FB10AF24F454379A320EF44B70FD00235C6AD066E8DFACD588C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C119A700,00007FF7C119A700,?,00000001,00000000,?,00007FF7C0F74675), ref: 00007FF7C0F7309E
                                                                                                                                                                                    • Part of subcall function 00007FF7C0F75870: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000198), ref: 00007FF7C0F758C6
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72DCD
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72E9F
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72ED8
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72FA3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                  • Opcode ID: e484edf4434918ffb1e09d753d9c610cc8b2120032f89aad0b0583e76e1f55f5
                                                                                                                                                                                  • Instruction ID: 0bdb1ecfc8dcbcefa0e8e1085bc4dda82e04bc3c040adfeb7fb30928223f1ead
                                                                                                                                                                                  • Opcode Fuzzy Hash: e484edf4434918ffb1e09d753d9c610cc8b2120032f89aad0b0583e76e1f55f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 23E1E132A08A4582EB54DF29E458379B7A1FB48BB4F844231EB6E437A4DF7DE485C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$UnregisterWait
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2338655335-0
                                                                                                                                                                                  • Opcode ID: d0f68ebfad5e455230e52523ffc722c858d44b856bfe22fe4db7eb134da450d5
                                                                                                                                                                                  • Instruction ID: 460feab7341ced0da9491e309524ccfd5e6b2d744f5ba0c3c1fa03cca46066e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: d0f68ebfad5e455230e52523ffc722c858d44b856bfe22fe4db7eb134da450d5
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF519362B1DA5682EA10FF11A6101B9A350BF85BB0F994635ED6D837D0DF7DF482C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C1096453
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C1096472
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C109649A
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C10964AB
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C10964BC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  • Opcode ID: 2466618eabf79cfc8f4079df219ec32fdae25c47607054c56235cb4a8af0e319
                                                                                                                                                                                  • Instruction ID: a1769be5f064f7fcad76da58f780d93a1ad72af52714d32bf11a709f232cbe0a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2466618eabf79cfc8f4079df219ec32fdae25c47607054c56235cb4a8af0e319
                                                                                                                                                                                  • Instruction Fuzzy Hash: 80116D20E0C25602FB58BFA1A571179E2865F847B0EC64334D93D46BC6EEACB4834231
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  • Opcode ID: e46dcc0af29b572bea9188fb6dab3bb5616f701afb0bc69f194c4f05d8fc2bb9
                                                                                                                                                                                  • Instruction ID: 33066a1745a1562eebf71806e6041b81050de082342fed5860bfdb6dabb55bdd
                                                                                                                                                                                  • Opcode Fuzzy Hash: e46dcc0af29b572bea9188fb6dab3bb5616f701afb0bc69f194c4f05d8fc2bb9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A11E810E0D24742FB58BF71A47257992855F85770EDA8734D83E4A6D2EEADB4C34231
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C0ED56D2), ref: 00007FF7C0FD7434
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C0ED56D2), ref: 00007FF7C0FD74AA
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C0ED56D2), ref: 00007FF7C0FD74BA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 4275029093-1090674830
                                                                                                                                                                                  • Opcode ID: cb0c5278d54275e8085a0eee572d894937d566a904c015a68523ccf70fa32c9e
                                                                                                                                                                                  • Instruction ID: f111eb0a871d716a721d0c69699216a73159ba684784633b33a61fdd83daeda1
                                                                                                                                                                                  • Opcode Fuzzy Hash: cb0c5278d54275e8085a0eee572d894937d566a904c015a68523ccf70fa32c9e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D41A122B0D74682FB26BF16A454278D651AB41BB0FC48431CE1E8B791EF7CB586C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0ED8029
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C0ED80CF
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CE70: AcquireSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C0F90F83,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CE80
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0ED814A
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDA4
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDE4
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: Histogram.TooManyBuckets.1000
                                                                                                                                                                                  • API String ID: 1678258262-786474106
                                                                                                                                                                                  • Opcode ID: 0c2c71ba42dbc3db91620377ee9654bc0550e33b447ccf794a0f8c1c5fb99121
                                                                                                                                                                                  • Instruction ID: d1aaceea8011af5bd6867e31d4f83eb4cd0370cd86fa182e03f6ddd822cb0939
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c2c71ba42dbc3db91620377ee9654bc0550e33b447ccf794a0f8c1c5fb99121
                                                                                                                                                                                  • Instruction Fuzzy Hash: B5514121A0864682FB10FF15E9502B9A361EB45BB4FD44132DA5D837A5DFACF48AC360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: Histogram.TooManyBuckets.1000
                                                                                                                                                                                  • API String ID: 1678258262-786474106
                                                                                                                                                                                  • Opcode ID: d5a5028f9f4a70f86bbf5af9e1ab828fca3f0666923c0e2e856acb2f53e5ec4f
                                                                                                                                                                                  • Instruction ID: 9924d38452c96c03a97a1ce87ce9894cf96a0369f64f4bf9101817bbc77f112e
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5a5028f9f4a70f86bbf5af9e1ab828fca3f0666923c0e2e856acb2f53e5ec4f
                                                                                                                                                                                  • Instruction Fuzzy Hash: F1313071E0CA0A86FB14BF15A55067893E1AF44BF0F955131D82E577A0CFACF481C661
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConditionSleepVariable
                                                                                                                                                                                  • String ID: ..\..\base\synchronization\condition_variable_win.cc$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait
                                                                                                                                                                                  • API String ID: 1382704212-1641630961
                                                                                                                                                                                  • Opcode ID: ab94b1d782c197831efa4a0e349b632c348739a28c7ec5b76b0ae22641b4c047
                                                                                                                                                                                  • Instruction ID: f30fe7920f11e02ed27bc64e71d8fc0ac24e182905b3ad5f669f980e474c064b
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab94b1d782c197831efa4a0e349b632c348739a28c7ec5b76b0ae22641b4c047
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1531AE31A0CBC595F761AF29B4013EAB7A0BB81764F844132DA8C42B95DF6DE08BC760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 4275029093-1090674830
                                                                                                                                                                                  • Opcode ID: 4ff829e253a010901519fdf0d16eff89565a88dfcf04b435e8441e434bebebb0
                                                                                                                                                                                  • Instruction ID: 551b846d6b413cc91edc1d47edc80e3735c8c07341659525121de3e0b11b84a7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ff829e253a010901519fdf0d16eff89565a88dfcf04b435e8441e434bebebb0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91215435A4DB0B82FB257F15A4552799251AF45B70FC08436CD1E87390DF7CB895C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000001,00000000,?,00007FF7C0EDCA2D,?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EE1C18
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000001,00000000,?,00007FF7C0EDCA2D,?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EE1C80
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EE1C90
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFileHandleModuleProcUnmapView
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 3224599007-1090674830
                                                                                                                                                                                  • Opcode ID: 5fd75159740fcdfb87166d4a69fd30226966a164064416109555e7dd86531c99
                                                                                                                                                                                  • Instruction ID: 4e97bd3f9111d1a703e6d6c5e1f5f0483bccf9bcd53f50063142cee7773c03a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fd75159740fcdfb87166d4a69fd30226966a164064416109555e7dd86531c99
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF213E35A4CA0A82EB29BF25E454379D321AF44FA4FA44571D91E833A0DF6DB4C5C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastUnlock
                                                                                                                                                                                  • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$UnlockFileEx
                                                                                                                                                                                  • API String ID: 3655728120-3540829929
                                                                                                                                                                                  • Opcode ID: 5fb87a611bca4d73144f19a369d44b682422db7df117ca47698c64429257cf18
                                                                                                                                                                                  • Instruction ID: 11cad8d53e2fa0ff8eab587696645d5dc8e30ac54039d109e4cd40817d1a0481
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fb87a611bca4d73144f19a369d44b682422db7df117ca47698c64429257cf18
                                                                                                                                                                                  • Instruction Fuzzy Hash: B711E432A1CA5691F720BF25F4013B9A361AF447B4FC58231C85C47790EF6CE2868B60
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C108B7A3,?), ref: 00007FF7C108B4AC
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C108B7A3,?), ref: 00007FF7C108B537
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                  • Opcode ID: a46f1c941d9f676f1e9b9ee0d4017086c39f87b6bbeddcc237c03f2c3d073e5d
                                                                                                                                                                                  • Instruction ID: 6d3d4615a878294db17cb04ed74124c22c076246dbf05734e164d49202598bb0
                                                                                                                                                                                  • Opcode Fuzzy Hash: a46f1c941d9f676f1e9b9ee0d4017086c39f87b6bbeddcc237c03f2c3d073e5d
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC91CF22E0C65685F750EF2594502BDBBA0FB04BA8F954139DE0E66E95DEBCE482C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1678258262-0
                                                                                                                                                                                  • Opcode ID: 35cf6f981fe6dea0949239f0f4838ec27b275adfaa112027fd632b6dd37ce083
                                                                                                                                                                                  • Instruction ID: ebeebc0fd9326e3968183fa36fc1936f289363b8fdcc6811cc8571dc6f59e163
                                                                                                                                                                                  • Opcode Fuzzy Hash: 35cf6f981fe6dea0949239f0f4838ec27b275adfaa112027fd632b6dd37ce083
                                                                                                                                                                                  • Instruction Fuzzy Hash: F4418F12B4E78191EA65BF3294042B9E7A1EB85B74F8C8136CA4D47381DF7DB886C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,7FFFFFFFFFFFFFF8,00007FF7C0ED241B), ref: 00007FF7C0F1B939
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C119A740,?,?,?), ref: 00007FF7C0F1B974
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C119A740,?,?,?), ref: 00007FF7C0F1B990
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C119A740,?,?,?), ref: 00007FF7C0F1B9A0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000019.00000002.22787539426.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788197998.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788336309.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788402164.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788453890.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788495132.00007FF7C1195000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788556835.00007FF7C1196000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788636199.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788739580.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788801597.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 00000019.00000002.22788868513.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                  • Opcode ID: dcf0e8028572862e1bd733bb4442979cc67ab2a37d08acb376053e500a09972b
                                                                                                                                                                                  • Instruction ID: 4ade7c7a202215eaffa98f0568ee6f9c8abd42e019b48b25f6e36fbaacccc953
                                                                                                                                                                                  • Opcode Fuzzy Hash: dcf0e8028572862e1bd733bb4442979cc67ab2a37d08acb376053e500a09972b
                                                                                                                                                                                  • Instruction Fuzzy Hash: A6213E32A19A4A92EB11AF05F944178A3A1BF00BB4FC00631DE6D463A0DFBCA586C790
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process$Current$CodeExitMultipleObjectsWait
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3026435989-0
                                                                                                                                                                                  • Opcode ID: 91ed608a89dbea9f9a13e8fb60de240ecb1e8dfc0b46f94829d1fbf9d7cfe291
                                                                                                                                                                                  • Instruction ID: 1ddf16e86c82f26c54606596e1e0f21cfc3634ba110dbc5d69902a5ff379f1b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 91ed608a89dbea9f9a13e8fb60de240ecb1e8dfc0b46f94829d1fbf9d7cfe291
                                                                                                                                                                                  • Instruction Fuzzy Hash: DC11DBB160990A82F7617F15F854239E3A0AF44BA0FA48434CA6D83790DF7CE485C760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                  • Opcode ID: df166ec9bdf915b1a4cb18e9f5c7c565ee8334193d4342c14a45c8c9e10148fe
                                                                                                                                                                                  • Instruction ID: e8774384ff37042ec9c628cf1773f768cabc39b142734b0633ac3d53a4f685a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: df166ec9bdf915b1a4cb18e9f5c7c565ee8334193d4342c14a45c8c9e10148fe
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE115126B14F058AEB00DF60E8542B873A4F719B68F841D31DA2D42754DF7CD558C390
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: 28ca430f80ee3751c6f872b22611997e78ef16fb5b0ea4c97d6ba08121f0bdd3
                                                                                                                                                                                  • Instruction ID: e988525175a897715aead9c03e958d3610c98ab0209c510e70e9725fd94dac33
                                                                                                                                                                                  • Opcode Fuzzy Hash: 28ca430f80ee3751c6f872b22611997e78ef16fb5b0ea4c97d6ba08121f0bdd3
                                                                                                                                                                                  • Instruction Fuzzy Hash: AF519131B4974691EA14BF25F850378B351EB94BA0F988931CA1D87BA4DF7DF452C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF7C10961F4: GetLastError.KERNEL32 ref: 00007FF7C1096203
                                                                                                                                                                                    • Part of subcall function 00007FF7C10961F4: FlsGetValue.KERNEL32 ref: 00007FF7C1096218
                                                                                                                                                                                    • Part of subcall function 00007FF7C10961F4: SetLastError.KERNEL32 ref: 00007FF7C10962A3
                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7C1081638), ref: 00007FF7C109B4A4
                                                                                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7C1081638), ref: 00007FF7C109B4DC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$CodePageValidValue
                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                  • API String ID: 1184045147-905460609
                                                                                                                                                                                  • Opcode ID: b667834869973abe9a75217fb2699f0f92a347d48eb77e9fc552f1f1f80fb36d
                                                                                                                                                                                  • Instruction ID: f125b986e207c4c0370e0146be6deed7c266f4b19e50a50383dc64adcb18f3b5
                                                                                                                                                                                  • Opcode Fuzzy Hash: b667834869973abe9a75217fb2699f0f92a347d48eb77e9fc552f1f1f80fb36d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2061A222A1874281FB64FF129520AB9A364AF44BB0F864131DE5C077C6DFBCE9D1C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                  • Opcode ID: b59a8b98753be9fc18698dacda24cb81b4d0f9a1b69ff4c74740e361ec616263
                                                                                                                                                                                  • Instruction ID: b40f649c5b6eebaebd0158f5e6844601c349a8cac0e2ea762a3cdd34fe269480
                                                                                                                                                                                  • Opcode Fuzzy Hash: b59a8b98753be9fc18698dacda24cb81b4d0f9a1b69ff4c74740e361ec616263
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD41B66271CA4186EB20DF25E4543BAB7A1FB94BA4F854031EE4D87B94DFBCD441CB60
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionGlobalMemoryRaiseStatus
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 367200128-2766056989
                                                                                                                                                                                  • Opcode ID: 12061d95fdab03c538e9020c3639f455dbc69da12756165f845991ad265b71e6
                                                                                                                                                                                  • Instruction ID: a2bc65dedfa1b2dacc5341ddd56d173a236ea6480ce31b64b06a5e5fca739da3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 12061d95fdab03c538e9020c3639f455dbc69da12756165f845991ad265b71e6
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3115E62D2C7C282E700AF64E44167AE720FBD9760F644239F6C941E59DFACE684CB90
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Event
                                                                                                                                                                                  • String ID: WaitableEvent::Signal$WorkerThread::WakeUp
                                                                                                                                                                                  • API String ID: 4201588131-1078715686
                                                                                                                                                                                  • Opcode ID: 1f96355f4c94133f67d59e2f386e2e737b87b4b3eac844566d6f882d260a857b
                                                                                                                                                                                  • Instruction ID: 2f20afe7624430f1c50f9d127353fe5498ca68ec520540a31caca7bca6235a58
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f96355f4c94133f67d59e2f386e2e737b87b4b3eac844566d6f882d260a857b
                                                                                                                                                                                  • Instruction Fuzzy Hash: DE215172618B5282EB11AF24F4503B9B3A0FB44B64F826072EA9D07754CFBCE546C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: QueryPerformanceCounter.KERNEL32 ref: 00007FF7C101CF29
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101CF89
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,chrome.dll,?,?,?,00000000,?,?,00007FF7C0EDDD3A), ref: 00007FF7C101CFD9
                                                                                                                                                                                  • GetFileSizeEx.KERNEL32 ref: 00007FF7C0EE4165
                                                                                                                                                                                    • Part of subcall function 00007FF7C101C910: GetLastError.KERNEL32 ref: 00007FF7C101C96F
                                                                                                                                                                                    • Part of subcall function 00007FF7C101C910: SetLastError.KERNEL32 ref: 00007FF7C101C979
                                                                                                                                                                                    • Part of subcall function 00007FF7C101C910: SetLastError.KERNEL32 ref: 00007FF7C101C98D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$ExclusiveLock$AcquireCounterFilePerformanceQueryReleaseSize
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$GetLength
                                                                                                                                                                                  • API String ID: 1511923460-1822068241
                                                                                                                                                                                  • Opcode ID: 7d20dff335bb3ed0df1d23da93880758d6c75023571ae984c38e37753db00413
                                                                                                                                                                                  • Instruction ID: 4e193a702ddf58cadd41a4351bcd87d58d519c91b0ee75c2b4f26f7dc767ea83
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d20dff335bb3ed0df1d23da93880758d6c75023571ae984c38e37753db00413
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF11B13170898681FB61AF29A8157E9A3A0BF84BA8F815031DE8D13B14EE7DE1878750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7C10AA9F1), ref: 00007FF7C106FC6C
                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7C10AA9F1), ref: 00007FF7C106FCAD
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                  • Opcode ID: 5ad9a2e7260239cac5118377ad6587ea1122a789ddd6e2fb2c4436d479ea23c7
                                                                                                                                                                                  • Instruction ID: 3edf77f9982a7563958ba45176fb2f4dfe615825b0722f50d968dc65d7305a6b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ad9a2e7260239cac5118377ad6587ea1122a789ddd6e2fb2c4436d479ea23c7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E118F32628B8582EB219F15F51026AB7E1FB88BA4F994230DF9C07758DF7CD951CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: 924537bb2319845474cdc0a0e0b80c48ad8194703c1006af086ad9a32f41ad74
                                                                                                                                                                                  • Instruction ID: 181fe0ff1523855c4ef6cb04707cb7a79944ef906383c318f9e1ca7b8b6b7bbc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 924537bb2319845474cdc0a0e0b80c48ad8194703c1006af086ad9a32f41ad74
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59011B64A0DA4681EB59BF15B458378A321BF84BA4FD04435CA0E873A0DF7CB4C5C3B0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • overflow_error was thrown in -fno-exceptions mode with message "%s", xrefs: 00007FF7C10B9B37
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: overflow_error was thrown in -fno-exceptions mode with message "%s"
                                                                                                                                                                                  • API String ID: 17069307-2656094229
                                                                                                                                                                                  • Opcode ID: 7c351e97509bfc1bd9518450cbded3244fccacf144971ccce5a5482732ffa885
                                                                                                                                                                                  • Instruction ID: 1921401f9dd1d40ee533a429f711e76fd228a9ac697a4375196bf4bf8c08c486
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c351e97509bfc1bd9518450cbded3244fccacf144971ccce5a5482732ffa885
                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F08212E0954A83EB06BF16F9853B8A361AF54FB1FD44031CE0D02760DFAC59CAC360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000019.00000002.22787604552.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_25_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: 834d5ba5c077a2fb8cd31b22083489274831732861d826059627d067a57446f1
                                                                                                                                                                                  • Instruction ID: 41ee50e05ae89c6d69579a595d61f1a277e9d6194d2a87b27ac5e7119d83753a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 834d5ba5c077a2fb8cd31b22083489274831732861d826059627d067a57446f1
                                                                                                                                                                                  • Instruction Fuzzy Hash: A5013624E0DA1782FB25BF55A46427693616F44F70FC19435D81E433A0DEADE886C365

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:2.3%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:696
                                                                                                                                                                                  Total number of Limit Nodes:41
7ff7c0ed1f02 GetLastError SetLastError 31434 7ff7c0ed1f39 31432->31434 31433->31420 31464 7ff7c0f75c40 61 API calls 31433->31464 31468 7ff7c0ed2590 190 API calls 31434->31468 31436 7ff7c0ed2048 31469 7ff7c0ed8e90 190 API calls 31436->31469 31438 7ff7c0ed227b 31441 7ff7c0ed2294 31438->31441 31442 7ff7c0ed23b6 31438->31442 31439 7ff7c0ed2050 31439->31438 31471 7ff7c106cb24 127 API calls 31439->31471 31444 7ff7c0ed22a5 SetLastError 31441->31444 31472 7ff7c10d56d0 11 API calls 31442->31472 31470 7ff7c106cacc 61 API calls 31444->31470 31445 7ff7c0ed23c6 31445->31445 31447 7ff7c0ed22b7 31449 7ff7c0f75e98 31448->31449 31450 7ff7c0f761fb 31449->31450 31451 7ff7c0f76137 ReleaseSRWLockExclusive 31449->31451 31459 7ff7c0f75ef2 31449->31459 31462 7ff7c0f75fa3 31449->31462 31455 7ff7c0f761cd 31451->31455 31454 7ff7c0ed1eba 31454->31426 31474 7ff7c0f76310 61 API calls 31455->31474 31457 7ff7c0f761e4 31475 7ff7c0f763d0 TryAcquireSRWLockExclusive 31457->31475 31460 7ff7c0f76084 VirtualFree 31459->31460 31459->31462 31461 7ff7c0f76100 GetLastError 31460->31461 31460->31462 31461->31450 31461->31462 31462->31454 31473 7ff7c106f290 8 API calls 31462->31473 31463->31414 31464->31431 31465->31420 31466->31424 31467->31432 31468->31436 31469->31439 31470->31447 31471->31439 31472->31445 31473->31454 31474->31457 31475->31462 31856 7ff7c0ed2680 103 API calls 31858 7ff7c100bda0 204 API calls 31789 7ff7c0edff77 10 API calls 31859 7ff7c0edbe70 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 31860 7ff7c0ee8070 213 API calls 31020 7ff7c0ee8e70 31072 7ff7c0edc660 31020->31072 31026 7ff7c0ee93c7 31036 7ff7c0ee935d 31026->31036 31039 7ff7c0ee9366 31026->31039 31052 7ff7c0ee8f3c 31026->31052 31134 7ff7c10391e0 25 API calls 31026->31134 31135 7ff7c0ee3b80 254 API calls 31026->31135 31027 7ff7c0ee8f04 31030 7ff7c0ee8f1d 31027->31030 31084 7ff7c106f290 8 API calls 31027->31084 31032 7ff7c0ee9348 31131 7ff7c1039010 231 API calls 31032->31131 31035 7ff7c0ee8fb1 31035->31032 
31096 7ff7c0ee9510 228 API calls 31035->31096 31036->31039 31061 7ff7c0ee8ef5 31036->31061 31037 7ff7c0ee9355 31132 7ff7c0efbbe0 230 API calls 31037->31132 31039->31036 31133 7ff7c0ee1bc0 64 API calls 31039->31133 31042 7ff7c0ee9026 31097 7ff7c0ee3c70 31042->31097 31043 7ff7c106ca88 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 31043->31052 31046 7ff7c0ee9044 31123 7ff7c1039010 231 API calls 31046->31123 31047 7ff7c0ee9340 31130 7ff7c0ee1c00 62 API calls 31047->31130 31051 7ff7c0ee9051 31051->31037 31051->31052 31052->31026 31052->31043 31053 7ff7c0ee91a6 TryAcquireSRWLockExclusive 31052->31053 31054 7ff7c0ee937b 31052->31054 31058 7ff7c0ee92f1 31052->31058 31124 7ff7c0ee9690 245 API calls 31052->31124 31055 7ff7c0ee93b9 AcquireSRWLockExclusive 31053->31055 31056 7ff7c0ee91b7 31053->31056 31055->31026 31056->31054 31057 7ff7c0ee91c7 ReleaseSRWLockExclusive 31056->31057 31059 7ff7c0ee91dd 31057->31059 31070 7ff7c0ee922e 31057->31070 31058->31061 31128 7ff7c0edbbb0 183 API calls 31058->31128 31059->31070 31125 7ff7c0ee9440 201 API calls 31059->31125 31083 7ff7c1039010 231 API calls 31061->31083 31063 7ff7c0ee9327 31129 7ff7c0edbcb0 183 API calls 31063->31129 31064 7ff7c0ee91ef 31064->31070 31126 7ff7c0ee9440 201 API calls 31064->31126 31068 7ff7c0ee9201 31068->31070 31127 7ff7c0ee9440 201 API calls 31068->31127 31070->31054 31070->31058 31070->31061 31070->31063 31071 7ff7c0ee92c2 31070->31071 31071->31070 31136 7ff7c1022e70 31072->31136 31075 7ff7c0edc6de SetLastError 31077 7ff7c0edc6bd 31075->31077 31076 7ff7c0edc68d 31142 7ff7c0eddcc0 31076->31142 31079 7ff7c0edc6d3 31077->31079 31165 7ff7c106f290 8 API calls 31077->31165 31079->31061 31085 7ff7c106ca88 31079->31085 31083->31027 31084->31030 31088 7ff7c106ca93 31085->31088 31087 7ff7c0ee8f53 31087->31026 31095 7ff7c10391e0 25 API calls 31087->31095 31088->31087 31090 7ff7c106cab2 31088->31090 31253 7ff7c1080b28 31088->31253 31256 7ff7c0f6ead0 31088->31256 31093 7ff7c106cabd 
31090->31093 31260 7ff7c106eb98 RtlPcToFileHeader RaiseException 31090->31260 31261 7ff7c106ebb8 RtlPcToFileHeader RaiseException 31093->31261 31094 7ff7c106cac3 31095->31035 31096->31042 31098 7ff7c0ee3ce5 31097->31098 31262 7ff7c0fd8c50 31098->31262 31100 7ff7c0ee3cf2 31101 7ff7c0ee4047 31100->31101 31103 7ff7c0ee3ded 31100->31103 31104 7ff7c0ee3d28 CreateFileMappingW 31100->31104 31122 7ff7c0ee3e4a 31100->31122 31309 7ff7c10d3060 8 API calls 31101->31309 31108 7ff7c0ee3e10 31103->31108 31307 7ff7c106f290 8 API calls 31103->31307 31105 7ff7c0ee3d54 GetLastError 31104->31105 31106 7ff7c0ee3d90 31104->31106 31109 7ff7c0ee4003 31105->31109 31110 7ff7c0ee3d6e 31105->31110 31107 7ff7c0ee3de0 31106->31107 31111 7ff7c0ee3dad 31106->31111 31106->31122 31107->31103 31108->31046 31108->31047 31308 7ff7c1056080 23 API calls 31109->31308 31113 7ff7c0ee3d83 SetLastError 31110->31113 31306 7ff7c0ee40e0 55 API calls 31111->31306 31113->31106 31115 7ff7c0ee4071 31310 7ff7c10d3060 8 API calls 31115->31310 31117 7ff7c0ee3db5 31117->31103 31120 7ff7c0ee3dbc MapViewOfFile 31117->31120 31120->31107 31121 7ff7c0ee40d3 31121->31121 31122->31103 31122->31109 31122->31115 31123->31051 31124->31052 31125->31064 31126->31068 31127->31070 31128->31061 31129->31061 31130->31032 31131->31037 31132->31036 31134->31026 31135->31026 31137 7ff7c1022e93 31136->31137 31141 7ff7c1022ed1 31137->31141 31167 7ff7c0ee0740 198 API calls 31137->31167 31138 7ff7c0edc689 31138->31075 31138->31076 31141->31138 31166 7ff7c106f290 8 API calls 31141->31166 31143 7ff7c0eddd2c 31142->31143 31168 7ff7c101ce00 31143->31168 31145 7ff7c0edde25 CreateFileW 31148 7ff7c0edde7f 31145->31148 31149 7ff7c0edde48 GetLastError 31145->31149 31146 7ff7c0eddd3a 31146->31145 31147 7ff7c0eddf8c 31146->31147 31156 7ff7c0eddf10 31146->31156 31206 7ff7c0f0d980 31147->31206 31150 7ff7c0eddee1 GetLastError 31148->31150 31151 7ff7c0edde88 31148->31151 31149->31156 31157 7ff7c0edde60 31149->31157 31161 7ff7c0eddeab 31150->31161 31153 
7ff7c0eddef3 GetLastError 31151->31153 31154 7ff7c0edde9c 31151->31154 31152 7ff7c0edde74 SetLastError 31152->31148 31153->31154 31154->31161 31205 7ff7c0ede0b0 237 API calls 31154->31205 31156->31147 31156->31157 31158 7ff7c0eddf5a GetModuleHandleW GetProcAddress 31156->31158 31157->31152 31158->31147 31159 7ff7c0eddf77 31158->31159 31159->31147 31162 7ff7c0edc6b5 31161->31162 31204 7ff7c106f290 8 API calls 31161->31204 31164 7ff7c1022cf0 191 API calls 31162->31164 31164->31077 31165->31079 31166->31138 31167->31141 31170 7ff7c101ce5f 31168->31170 31172 7ff7c101d046 31168->31172 31169 7ff7c101d093 31182 7ff7c101d0b8 31169->31182 31238 7ff7c106ce70 AcquireSRWLockExclusive 31169->31238 31170->31169 31171 7ff7c101ceed 31170->31171 31175 7ff7c101cfe8 31170->31175 31180 7ff7c101d145 31170->31180 31203 7ff7c101d3ff 31170->31203 31171->31175 31176 7ff7c101cf1b QueryPerformanceCounter 31171->31176 31193 7ff7c101cf47 31171->31193 31171->31203 31172->31146 31175->31172 31235 7ff7c106f290 8 API calls 31175->31235 31236 7ff7c0fd9350 32 API calls 31175->31236 31245 7ff7c10d3060 8 API calls 31175->31245 31246 7ff7c10e9e00 11 API calls 31175->31246 31176->31193 31180->31175 31237 7ff7c0edba30 6 API calls 31180->31237 31182->31175 31187 7ff7c106ca88 4 API calls 31182->31187 31195 7ff7c101d508 31182->31195 31186 7ff7c101cf82 TryAcquireSRWLockExclusive 31189 7ff7c101d1f7 AcquireSRWLockExclusive 31186->31189 31186->31193 31199 7ff7c101d2bf 31187->31199 31188 7ff7c106ce70 AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive 31188->31193 31189->31169 31190 7ff7c101cfca 31192 7ff7c101cfd2 ReleaseSRWLockExclusive 31190->31192 31191 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31191->31193 31192->31175 31193->31182 31193->31186 31193->31188 31193->31190 31193->31191 31193->31192 31194 7ff7c101d397 ReleaseSRWLockExclusive 31194->31195 31197 7ff7c101d3dd 31194->31197 31195->31146 31196 7ff7c101d352 31196->31194 31196->31195 
31243 7ff7c0edba30 6 API calls 31196->31243 31200 7ff7c106ca88 4 API calls 31197->31200 31199->31195 31199->31196 31247 7ff7c0edba30 6 API calls 31199->31247 31200->31203 31201 7ff7c101d38f 31201->31194 31244 7ff7c10de060 18 API calls 31203->31244 31204->31162 31205->31161 31207 7ff7c0f0d9f9 31206->31207 31208 7ff7c0f0d9c0 31206->31208 31210 7ff7c0f0db1d 31207->31210 31212 7ff7c0f0da26 TryAcquireSRWLockExclusive 31207->31212 31209 7ff7c106ce70 3 API calls 31208->31209 31211 7ff7c0f0d9cc 31209->31211 31210->31157 31211->31207 31214 7ff7c106ca88 4 API calls 31211->31214 31212->31210 31213 7ff7c0f0da37 31212->31213 31215 7ff7c0f0da4d ReleaseSRWLockExclusive 31213->31215 31218 7ff7c0f0da86 31213->31218 31219 7ff7c0f0da46 31213->31219 31217 7ff7c0f0d9df 31214->31217 31216 7ff7c0f0db7e 31215->31216 31222 7ff7c0f0da63 31215->31222 31252 7ff7c106f290 8 API calls 31216->31252 31248 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31217->31248 31223 7ff7c106ca88 4 API calls 31218->31223 31219->31215 31221 7ff7c0f0da79 31221->31157 31222->31221 31249 7ff7c106f290 8 API calls 31222->31249 31227 7ff7c0f0da90 31223->31227 31225 7ff7c0f0db8b 31250 7ff7c0eff370 RtlCaptureStackBackTrace 31227->31250 31229 7ff7c0f0dab6 31229->31210 31230 7ff7c106ce70 3 API calls 31229->31230 31231 7ff7c0f0daf0 31230->31231 31231->31210 31232 7ff7c106ca88 4 API calls 31231->31232 31233 7ff7c0f0db03 31232->31233 31251 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31233->31251 31235->31175 31236->31175 31237->31175 31239 7ff7c106ce86 31238->31239 31240 7ff7c106ce8b ReleaseSRWLockExclusive 31239->31240 31242 7ff7c106ce90 SleepConditionVariableSRW 31239->31242 31242->31239 31243->31201 31244->31175 31245->31175 31246->31175 31247->31196 31249->31221 31250->31229 31252->31225 31254 7ff7c106caec 2 API calls 31253->31254 31255 7ff7c1080b3a 31254->31255 31255->31088 31257 7ff7c0f6eadf 31256->31257 31258 7ff7c0f6eb0c 31257->31258 
31259 7ff7c106caec 2 API calls 31257->31259 31258->31088 31259->31257 31261->31094 31265 7ff7c0fd8cae 31262->31265 31272 7ff7c0fd8da4 31262->31272 31263 7ff7c0fd8ee2 31264 7ff7c106ce70 3 API calls 31263->31264 31295 7ff7c0fd8e19 31263->31295 31279 7ff7c0fd9056 31264->31279 31265->31263 31270 7ff7c0fd8d78 QueryPerformanceCounter 31265->31270 31265->31272 31284 7ff7c0fd8e45 31265->31284 31305 7ff7c0fd9221 31265->31305 31267 7ff7c0fd8ea5 31267->31100 31270->31272 31271 7ff7c0fd8ddf TryAcquireSRWLockExclusive 31276 7ff7c0fd8df4 31271->31276 31277 7ff7c0fd9038 AcquireSRWLockExclusive 31271->31277 31272->31271 31278 7ff7c106ce70 3 API calls 31272->31278 31273 7ff7c0fd8f3e 31281 7ff7c0fd90c8 31273->31281 31282 7ff7c0fd8e27 31273->31282 31275 7ff7c106ce70 3 API calls 31283 7ff7c0fd909f 31275->31283 31288 7ff7c106ce70 3 API calls 31276->31288 31276->31295 31277->31263 31285 7ff7c0fd8fda 31278->31285 31279->31295 31316 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31279->31316 31287 7ff7c106ca88 4 API calls 31281->31287 31298 7ff7c0fd92fe 31281->31298 31282->31284 31289 7ff7c0fd8e2f ReleaseSRWLockExclusive 31282->31289 31283->31273 31317 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31283->31317 31284->31267 31311 7ff7c106f290 8 API calls 31284->31311 31312 7ff7c0fd9350 32 API calls 31284->31312 31313 7ff7c0edba30 6 API calls 31284->31313 31320 7ff7c10e9e00 11 API calls 31284->31320 31285->31271 31314 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31285->31314 31297 7ff7c0fd90f4 31287->31297 31290 7ff7c0fd900f 31288->31290 31289->31284 31290->31295 31315 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31290->31315 31295->31273 31295->31275 31295->31282 31295->31284 31296 7ff7c0fd91c5 ReleaseSRWLockExclusive 31296->31298 31300 7ff7c0fd9200 31296->31300 31297->31298 31299 7ff7c0fd9181 31297->31299 31321 7ff7c0edba30 6 API 
calls 31297->31321 31298->31100 31299->31296 31299->31298 31318 7ff7c0edba30 6 API calls 31299->31318 31302 7ff7c106ca88 4 API calls 31300->31302 31302->31305 31304 7ff7c0fd91bd 31304->31296 31319 7ff7c10de060 18 API calls 31305->31319 31306->31117 31307->31108 31309->31115 31310->31121 31311->31284 31312->31284 31313->31284 31318->31304 31319->31284 31320->31284 31321->31299 31374 7ff7c0ee3e67 31375 7ff7c0ee3e9f 31374->31375 31376 7ff7c0fd8c50 54 API calls 31375->31376 31377 7ff7c0ee3eac 31376->31377 31378 7ff7c0ee40a6 31377->31378 31379 7ff7c0ee3ee7 CreateFileMappingW 31377->31379 31390 7ff7c0ee3ded 31377->31390 31395 7ff7c10d3060 8 API calls 31378->31395 31382 7ff7c0ee3f12 GetLastError 31379->31382 31383 7ff7c0ee3f4d 31379->31383 31381 7ff7c0ee40d3 31381->31381 31385 7ff7c0ee402c 31382->31385 31386 7ff7c0ee3f2e 31382->31386 31384 7ff7c0ee3f5b MapViewOfFile 31383->31384 31383->31390 31384->31390 31394 7ff7c1056080 23 API calls 31385->31394 31387 7ff7c0ee3f41 SetLastError 31386->31387 31387->31383 31392 7ff7c0ee3e10 31390->31392 31393 7ff7c106f290 8 API calls 31390->31393 31393->31392 31395->31381 31476 7ff7c0ed3660 31477 7ff7c0ed3678 31476->31477 31478 7ff7c0f7a416 31477->31478 31480 7ff7c0f7a189 TryAcquireSRWLockExclusive 31477->31480 31504 7ff7c0f7a42f 31477->31504 31534 7ff7c0f746f0 63 API calls 31478->31534 31484 7ff7c0f7a1d7 31480->31484 31485 7ff7c0f7a1df 31480->31485 31481 7ff7c0f7acdc ReleaseSRWLockExclusive 31481->31504 31482 7ff7c0f7aa6c TryAcquireSRWLockExclusive 31482->31504 31530 7ff7c0eee950 TryAcquireSRWLockExclusive AcquireSRWLockExclusive 31484->31530 31485->31478 31487 7ff7c0f7abca 31485->31487 31491 7ff7c0f7a1fe 31485->31491 31488 7ff7c0f7abd0 ReleaseSRWLockExclusive 31487->31488 31542 7ff7c0f93690 19 API calls 31488->31542 31489 7ff7c0eee950 TryAcquireSRWLockExclusive AcquireSRWLockExclusive 31489->31504 31490 7ff7c0f7a401 31496 7ff7c0f7a5de 31491->31496 31497 7ff7c0f7a214 ReleaseSRWLockExclusive 31491->31497 31493 7ff7c0f914c0 8 API calls 
31493->31504 31520 7ff7c0f74130 31496->31520 31531 7ff7c0f743f0 61 API calls 31497->31531 31500 7ff7c0f7a94d TryAcquireSRWLockExclusive 31500->31504 31503 7ff7c0f7ab19 ReleaseSRWLockExclusive 31503->31504 31504->31481 31504->31482 31504->31487 31504->31488 31504->31489 31504->31493 31504->31500 31504->31503 31506 7ff7c0f7a5cb 31504->31506 31508 7ff7c0f7a9ee ReleaseSRWLockExclusive 31504->31508 31511 7ff7c0f7a828 ReleaseSRWLockExclusive 31504->31511 31519 7ff7c0f7a3e8 31504->31519 31539 7ff7c0f93690 19 API calls 31504->31539 31540 7ff7c0f75870 12 API calls 31504->31540 31541 7ff7c0f745e0 61 API calls 31504->31541 31505 7ff7c0f7a774 TryAcquireSRWLockExclusive 31505->31504 31507 7ff7c0f7a798 31505->31507 31538 7ff7c0eee950 TryAcquireSRWLockExclusive AcquireSRWLockExclusive 31507->31538 31508->31504 31511->31504 31512 7ff7c0f7a651 TryAcquireSRWLockExclusive 31513 7ff7c0f7a22e 31512->31513 31513->31504 31513->31505 31513->31506 31513->31512 31516 7ff7c0f7a3bd 31513->31516 31517 7ff7c0f7a6f8 ReleaseSRWLockExclusive 31513->31517 31513->31519 31535 7ff7c0f75870 12 API calls 31513->31535 31536 7ff7c0eee950 TryAcquireSRWLockExclusive AcquireSRWLockExclusive 31513->31536 31537 7ff7c0f745e0 61 API calls 31513->31537 31532 7ff7c0f746f0 63 API calls 31516->31532 31517->31513 31519->31490 31533 7ff7c106f290 8 API calls 31519->31533 31521 7ff7c0f7419d ReleaseSRWLockExclusive 31520->31521 31522 7ff7c0f7416b 31520->31522 31521->31513 31521->31519 31522->31521 31523 7ff7c0f74204 VirtualFree 31522->31523 31526 7ff7c0f74236 31522->31526 31528 7ff7c0f74311 31522->31528 31524 7ff7c0f74228 GetLastError 31523->31524 31523->31526 31525 7ff7c0f743e1 31524->31525 31524->31526 31526->31521 31574 7ff7c0f745e0 61 API calls 31526->31574 31528->31521 31528->31526 31543 7ff7c0f76450 31528->31543 31530->31485 31531->31513 31532->31519 31533->31490 31534->31519 31535->31513 31536->31513 31537->31513 31538->31504 31539->31504 31540->31504 31541->31504 31542->31506 31545 7ff7c0f7645f 31543->31545 31544 
7ff7c0f76534 31575 7ff7c0f767a0 31544->31575 31545->31544 31588 7ff7c0f93750 63 API calls 31545->31588 31548 7ff7c0f7654f 31549 7ff7c0f76580 31548->31549 31550 7ff7c0f7674a 31548->31550 31551 7ff7c0f76567 VirtualFree 31548->31551 31549->31550 31589 7ff7c0f93750 63 API calls 31549->31589 31550->31526 31551->31549 31551->31550 31553 7ff7c0f7658d 31554 7ff7c0f767a0 10 API calls 31553->31554 31555 7ff7c0f765b3 31554->31555 31555->31550 31556 7ff7c0f765e4 31555->31556 31557 7ff7c0f765cb VirtualFree 31555->31557 31556->31550 31590 7ff7c0f93750 63 API calls 31556->31590 31557->31550 31557->31556 31559 7ff7c0f765f1 31560 7ff7c0f767a0 10 API calls 31559->31560 31561 7ff7c0f76617 31560->31561 31561->31550 31562 7ff7c0f76648 31561->31562 31563 7ff7c0f7662f VirtualFree 31561->31563 31562->31550 31591 7ff7c0f93750 63 API calls 31562->31591 31563->31550 31563->31562 31565 7ff7c0f7665a 31565->31550 31566 7ff7c0f767a0 10 API calls 31565->31566 31568 7ff7c0f7667f 31566->31568 31567 7ff7c0f766c8 VirtualFree 31567->31550 31567->31568 31568->31550 31568->31567 31569 7ff7c0f766f3 VirtualAlloc 31568->31569 31570 7ff7c0f7671a GetLastError 31569->31570 31571 7ff7c0f7673f 31569->31571 31572 7ff7c0f767a0 10 API calls 31570->31572 31571->31550 31573 7ff7c0f76736 31572->31573 31573->31568 31573->31571 31574->31521 31576 7ff7c0f767b7 VirtualAlloc 31575->31576 31577 7ff7c0f76866 TryAcquireSRWLockExclusive 31575->31577 31578 7ff7c0f767fd GetLastError 31576->31578 31581 7ff7c0f767e1 31576->31581 31579 7ff7c0f76885 31577->31579 31580 7ff7c0f76891 ReleaseSRWLockExclusive 31577->31580 31578->31581 31582 7ff7c0f76812 TryAcquireSRWLockExclusive 31578->31582 31593 7ff7c0eee950 TryAcquireSRWLockExclusive AcquireSRWLockExclusive 31579->31593 31580->31548 31581->31548 31584 7ff7c0f76823 31582->31584 31585 7ff7c0f7682f ReleaseSRWLockExclusive VirtualAlloc 31582->31585 31592 7ff7c0eee950 TryAcquireSRWLockExclusive AcquireSRWLockExclusive 31584->31592 31585->31581 31587 7ff7c0f76858 GetLastError 31585->31587 
31587->31581 31588->31544 31589->31553 31590->31559 31591->31565 31592->31585 31593->31580 31862 7ff7c0ed2660 190 API calls 31796 7ff7c0ee4353 197 API calls 31797 7ff7c10a8af0 201 API calls 31863 7ff7c0ee8451 225 API calls 31323 7ff7c0edd04b 31324 7ff7c0edd03c 31323->31324 31343 7ff7c0edcbd6 31323->31343 31325 7ff7c106ce70 3 API calls 31324->31325 31342 7ff7c0edd17c 31324->31342 31327 7ff7c0edd1b3 31325->31327 31326 7ff7c0edd19c 31330 7ff7c0edd1d1 GetVersionExW GetProductInfo 31327->31330 31327->31342 31329 7ff7c0edce01 31333 7ff7c106ca88 4 API calls 31330->31333 31331 7ff7c0edcc00 31332 7ff7c0edcbea 31332->31331 31345 7ff7c106f290 8 API calls 31332->31345 31335 7ff7c0edd212 31333->31335 31336 7ff7c0edd238 31335->31336 31337 7ff7c106ce70 3 API calls 31335->31337 31347 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31336->31347 31338 7ff7c0edd273 31337->31338 31338->31336 31339 7ff7c0edd27c GetNativeSystemInfo 31338->31339 31344 7ff7c106cd94 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31339->31344 31342->31326 31346 7ff7c106f290 8 API calls 31342->31346 31343->31324 31343->31329 31343->31332 31345->31331 31346->31326 31348 7ff7c0edc99a 269 API calls 31349 7ff7c0ee724e 31350 7ff7c0f03f3b WriteProcessMemory 31349->31350 31351 7ff7c0f03f62 31350->31351 31358 7ff7c0f03f7e 31350->31358 31356 7ff7c106ca88 4 API calls 31351->31356 31351->31358 31352 7ff7c0f04003 31355 7ff7c0f0401c 31352->31355 31359 7ff7c106f290 8 API calls 31352->31359 31353 7ff7c0f03f97 WriteProcessMemory 31353->31358 31354 7ff7c0f184b0 207 API calls 31354->31358 31356->31358 31358->31352 31358->31353 31358->31354 31359->31355 31865 7ff7c0ed3247 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31803 7ff7c0fd70f0 63 API calls 31804 7ff7c0ee073b 198 API calls 31805 7ff7c0ee3b3d 215 API calls 31867 7ff7c0ed7e2f 18 API calls 31871 7ff7c0ed2283 63 API calls 31872 7ff7c10aaa00 137 API calls 31809 7ff7c0ed9320 27 API 
calls 31873 7ff7c1081204 101 API calls

Control-flow Graph
Legend: Executed, Not Executed
Memory Dump Source
• Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
Similarity
• API ID: ErrorLast$ExclusiveLock$AcquireAddressCounterCreateFileHandleModulePerformanceProcQueryRelease
• String ID: ..\..\base\files\file_win.cc$DoInitialize$GetHandleVerifier$chrome.dll
• API String ID: 3329152108-1597322536
• Opcode ID: 628e8ed8b65ad36c5016054b6b7a8bfed85fd2ac63e4d4512eb614b82304d74b
• Instruction ID: 1987ae746a0075f6a9236762581423ca3ad0e32b39df46009f0ed6883f18f99c
• Opcode Fuzzy Hash: 628e8ed8b65ad36c5016054b6b7a8bfed85fd2ac63e4d4512eb614b82304d74b
• Instruction Fuzzy Hash: A471FE21B1C64682FB25BF15A455BB8A791FB91BA0F885434DE0E87B90CF7CF455C3A0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: disable-gpu-sandbox$no-sandbox$service-sandbox-type$type
                                                                                                                                                                                  • API String ID: 0-1293740873
                                                                                                                                                                                  • Opcode ID: 1e7985ea40c615f9057fdd802e732dab18ceea690237479783a52847c5ef1b8d
                                                                                                                                                                                  • Instruction ID: 89568bd308166147327161a705bb3db558f5481a0bc61ab4beb0cf58708c44a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e7985ea40c615f9057fdd802e732dab18ceea690237479783a52847c5ef1b8d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B02B132A0C64382FB50BF21E9106B9A362EF99BB4F945132DA4E93790DF6CF545C760

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                  • Opcode ID: f553015655abf721a4e02bec845a4e1b7a8a300cb897d197ecb37415c9be64fe
                                                                                                                                                                                  • Instruction ID: 12d45c5fe993ab84c4a963bc13e30826d83de05ae6c4668b870ff23f2c7dfcf7
                                                                                                                                                                                  • Opcode Fuzzy Hash: f553015655abf721a4e02bec845a4e1b7a8a300cb897d197ecb37415c9be64fe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 46E1B032A08B4586EB14EF25E854279B7A1FB48BB4F894231DA6E837D4DF3DE445C360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76572
                                                                                                                                                                                  • VirtualFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F765D6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                  • Opcode ID: 194675e2e99414a8811d657dfa2e25dcdc2f047f1ac8ba3c8209b07d08d130b1
                                                                                                                                                                                  • Instruction ID: 3a2b19aa73f8e5b5e822c6a3985e486398cca456ff70ae244f9d2fc8fedee716
                                                                                                                                                                                  • Opcode Fuzzy Hash: 194675e2e99414a8811d657dfa2e25dcdc2f047f1ac8ba3c8209b07d08d130b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E51D611B1D62242FE18AF66590963D9A897F45FF8FC44834ED0E87B90EF7CF44286A1

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressCurrentDirectoryLibraryLoadParametersProcProcessShutdown
                                                                                                                                                                                  • String ID: ..\..\chrome\app\main_dll_loader_win.cc$ChromeMain$Failed to load Chrome DLL from $no-pre-read-main-dll
                                                                                                                                                                                  • API String ID: 4180520086-3232293009
                                                                                                                                                                                  • Opcode ID: 5a93d46bc84d543e7c88fd11061c94af9ca4c9e78cd846fc102ee4f6ba13899d
                                                                                                                                                                                  • Instruction ID: 7c33b00819752021527ee72bd1d06ec906ed128646c0756c788eee76793e6870
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a93d46bc84d543e7c88fd11061c94af9ca4c9e78cd846fc102ee4f6ba13899d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 93A13B21A48A8781EB20FF15F0513B9E361FB85BA4F895031DA5E46B95DFBDF084C760

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7C109717C,?,?,00000000,00007FF7C1099D5F,?,?,E0000008,00007FF7C108090D), ref: 00007FF7C109750C
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF7C109717C,?,?,00000000,00007FF7C1099D5F,?,?,E0000008,00007FF7C108090D), ref: 00007FF7C1097518
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                  • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                  • API String ID: 3013587201-2431898299
                                                                                                                                                                                  • Opcode ID: f3a0e931aee21bcdf5bbb018868af67f807ca3288ca5dcab4f5a2cde0f8af77d
                                                                                                                                                                                  • Instruction ID: 12f2996bc08f859627b37c79adf57a2956463908a7a94406b5c86a51d4a801cd
                                                                                                                                                                                  • Opcode Fuzzy Hash: f3a0e931aee21bcdf5bbb018868af67f807ca3288ca5dcab4f5a2cde0f8af77d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B415622B1960242FB15EF16B824A79A391BF45BB0FCA8035CD0D87795EF7CE884C760

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                  • String ID: ..\..\base\files\memory_mapped_file_win.cc$MapImageToMemory$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 749074358-923734411
                                                                                                                                                                                  • Opcode ID: 22b950ed1e1b762d64ca26cb8eec077c0d14983904bd0af3fc5f0d6c0bb210a3
                                                                                                                                                                                  • Instruction ID: 5d5e961c90e9f99085eda85a75b741d14153a6ac5be244f19c2ab4a3c08b104a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b950ed1e1b762d64ca26cb8eec077c0d14983904bd0af3fc5f0d6c0bb210a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D416F32A0CA8682EB20BF24E0553BAE361FF80764F845136DA9E47B95DF7DE145C360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,00000000,?,00007FF7C0F7654F,?,?,?,?,?,00000000,?), ref: 00007FF7C0F767D6
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F767FD
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76819
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76836
                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F7684A
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00007FF7C0F7A5EC), ref: 00007FF7C0F76858
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF7C0F7654F,?,?,?,?,?,00000000), ref: 00007FF7C0F7687B
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF7C0F7654F,?,?,?,?,?,00000000), ref: 00007FF7C0F76898
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireAllocErrorLastReleaseVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 527672694-0
                                                                                                                                                                                  • Opcode ID: cc1304fdf6f16a4824ded2f2e19ac6a6a428a03f31efcf2752814b012e07f392
                                                                                                                                                                                  • Instruction ID: a02b4b3a9aee8eadce2775ded089a9fa358e3e1586769811cafe8b88550278f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc1304fdf6f16a4824ded2f2e19ac6a6a428a03f31efcf2752814b012e07f392
                                                                                                                                                                                  • Instruction Fuzzy Hash: E8216D21A1C91B97FB11BF15B8484B8A365BF58FB4FC40471E91D42B60DF6CB98AC3A1

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
• Associated: 0000001A.00000002.22792831690.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22794821920.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22794985866.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22795134138.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22795342345.00007FF7C1195000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22795451226.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22795686108.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22795842536.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
• Associated: 0000001A.00000002.22795948141.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AcquireExclusiveLock
                                                                                                                                                                                  • String ID: W$@n
                                                                                                                                                                                  • API String ID: 4021432409-2671980476
                                                                                                                                                                                  • Opcode ID: 4ae8ff0c7d4120d0f58d42ea9cebb1e69520ee54ac295f9a22a09cd7d73a8d37
                                                                                                                                                                                  • Instruction ID: 1f6371ad26121ad1822c86f5e07b196195311d231545c7f5382e672d63c320f5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ae8ff0c7d4120d0f58d42ea9cebb1e69520ee54ac295f9a22a09cd7d73a8d37
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F12C132A48B4282EB15BF29D4442B9A7A1FB55BA4F884135DF5D83790DF7DF482C3A0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C109637B
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C10963B1
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C10963DE
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C10963EF
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C1096400
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,AAAAAAAA,00007FF7C106CAD5,?,?,?,?,00007FF7C0FA002E), ref: 00007FF7C109641B
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  • Opcode ID: b6577db9dae4a426543507c67470ffa707cb7943790ec4dfbef65006e9aa635d
                                                                                                                                                                                  • Instruction ID: 2aa7348e80171b981770485b206ffb3403ea809a71a7a553cfad81aa936e4fd4
                                                                                                                                                                                  • Opcode Fuzzy Hash: b6577db9dae4a426543507c67470ffa707cb7943790ec4dfbef65006e9aa635d
                                                                                                                                                                                  • Instruction Fuzzy Hash: B9114D20A0C24642FB54BF71A561139E2969F84BB4F968634D83E47BC6EEACA4C34320

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,00007FF7C0FD74E1,?,?,?,?,?,?,?,?), ref: 00007FF7C0F0DA29
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,00007FF7C0FD74E1,?,?,?,?,?,?,?,?), ref: 00007FF7C0F0DA50
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CE70: AcquireSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C0F90F83,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CE80
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDA4
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDE4
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 1678258262-3617602025
                                                                                                                                                                                  • Opcode ID: 1c219d54edd95529ae60d437d7a7b2478afd7701bc8689168f2ea21abcc9a51f
                                                                                                                                                                                  • Instruction ID: 5ca5034ba0ab52c6d1311af6b9ff99b347b2e9220b2fc736b7b25d04a6780e9c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c219d54edd95529ae60d437d7a7b2478afd7701bc8689168f2ea21abcc9a51f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E512A71A0DA4682FB50BF11F9513B8B3A1AB80B74F854131D96E467A1DF7CB486C7A0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: 9fdb10fd3b84486d6bc8af504ad8da8cd08353bdbae300109d631cafe9bdf857
                                                                                                                                                                                  • Instruction ID: 181fe0ff1523855c4ef6cb04707cb7a79944ef906383c318f9e1ca7b8b6b7bbc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fdb10fd3b84486d6bc8af504ad8da8cd08353bdbae300109d631cafe9bdf857
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59011B64A0DA4681EB59BF15B458378A321BF84BA4FD04435CA0E873A0DF7CB4C5C3B0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2f773729c2e95860428d67b6b2319d8133d7c25518e3418408354b9cb3334820
                                                                                                                                                                                  • Instruction ID: b4ff87a165541496e6e59c8eaa1fe95512464b427e0eda1184f93afdac5bcf61
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f773729c2e95860428d67b6b2319d8133d7c25518e3418408354b9cb3334820
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0991D132B18A0582EB249F29E8547B9B3A4FB44BB0F844635EB6E877D4DF7CE4518350

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$CurrentDebuggerDescriptionPresent
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2203314410-0
                                                                                                                                                                                  • Opcode ID: 07cf87255f92ad628669bcbff5d17c690fd3fe6f4a3f794c7e3d606d9ebb8e3e
                                                                                                                                                                                  • Instruction ID: 884c6ab3fd9283566e995cd97f0915a6a3f711ba707826aaf58978a3ec98b757
                                                                                                                                                                                  • Opcode Fuzzy Hash: 07cf87255f92ad628669bcbff5d17c690fd3fe6f4a3f794c7e3d606d9ebb8e3e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01F03C62B4864545FB01BF71E8443B8A320BB59BA8F884430DE5D52795EF7CE4848360

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                  • Opcode ID: 4b99b9317b4118e3b2a5ff9b77863553023bf3a527551d299fe7e4eb74833062
                                                                                                                                                                                  • Instruction ID: 6251eb9b748570c091db15b71afc117ddd3480525bb21712e327039a6079aed0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b99b9317b4118e3b2a5ff9b77863553023bf3a527551d299fe7e4eb74833062
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CD09E50F1DA0A43FF547F7068955B892519F88B31F851438D84F46797DEBCE88D8360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentMemoryPrefetchProcessVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3768025762-0
                                                                                                                                                                                  • Opcode ID: 0ff2398a4f1d4b5d869af8df682b44401bbc5695536bc8d54a13d8b967c66fd2
                                                                                                                                                                                  • Instruction ID: 7dff248c660741da7fd0aaf33baa86056bcfa54fcc9eb031926eb163b4c8bd05
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ff2398a4f1d4b5d869af8df682b44401bbc5695536bc8d54a13d8b967c66fd2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C31C621A18B8782EB20BF14F4557B9A360FF84BA4F901130EA8D87B90DF3DE0479750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                  • Opcode ID: 552df39bf1990702b2f651dddb0815c4cde8980aaff4d2aed6c477843c5a5dc6
                                                                                                                                                                                  • Instruction ID: b8fa3d5561a407504a2583a813c50e0afeedba67b8c133275d6df844b9abf52f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 552df39bf1990702b2f651dddb0815c4cde8980aaff4d2aed6c477843c5a5dc6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91219132E19B018AFB25AF64C4802BC73A0EB04728F854A35D69D06EC9DFB8D585CB90
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EDCA5A
                                                                                                                                                                                    • Part of subcall function 00007FF7C0EDDCC0: CreateFileW.KERNELBASE ref: 00007FF7C0EDDE3A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateErrorFileLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1214770103-0
                                                                                                                                                                                  • Opcode ID: 3622c907b3650dec3139cec8dd606c47b08bf772ff00628cd7e03e8a9ec31eca
                                                                                                                                                                                  • Instruction ID: 8625b55745dea44cadc4a073df6345e9a8415e0caaeb4b3c9b55b390ae76c9ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3622c907b3650dec3139cec8dd606c47b08bf772ff00628cd7e03e8a9ec31eca
                                                                                                                                                                                  • Instruction Fuzzy Hash: B621AC32A5871681FB10BF56A8A1379A290EF85BF0F95A031DE5E83791CF7CA4428360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateErrorFileLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1214770103-0
                                                                                                                                                                                  • Opcode ID: 3396749bb7636434b24503ce126a686e0b32efab0ff30a837666ac117f274941
                                                                                                                                                                                  • Instruction ID: a175cc47723ef8c08413b37bf20a34664d447aa3905639ef201b17035b62b5e4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3396749bb7636434b24503ce126a686e0b32efab0ff30a837666ac117f274941
                                                                                                                                                                                  • Instruction Fuzzy Hash: A301DF3262864642FA20BF12A815379A3D0AB88FE0FD55030EE4D47B81CE7CE0428720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$CurrentThread
                                                                                                                                                                                  • String ID: ..\..\base\threading\thread.cc$Histogram.TooManyBuckets.1000$Run
                                                                                                                                                                                  • API String ID: 1060291769-1462052136
                                                                                                                                                                                  • Opcode ID: 950df52247c63de4ec8900e31159e20a5011148419b2e6a65c5e0001256074d6
                                                                                                                                                                                  • Instruction ID: 8231985dc0e56458a3b519ca838f01ba1ceb4f8661a1feaf75c0e813850e1938
                                                                                                                                                                                  • Opcode Fuzzy Hash: 950df52247c63de4ec8900e31159e20a5011148419b2e6a65c5e0001256074d6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F1D322A08A4682EB14FF21E5503B9E3A0FF44BA4F944535DA5E87795DF7CF581C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLockRelease
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc$PERFETTO_CHECK(protobuf_stream_writer_.bytes_available() != 0)$PERFETTO_CHECK(was_always_bound_)$Shared memory buffer max stall count exceeded; possible deadlock (errno: %d, %s)
                                                                                                                                                                                  • API String ID: 1766480654-1852863068
                                                                                                                                                                                  • Opcode ID: f146be659d9773f0a338365d970d3be5a8573640604a25a8178e3dbd77c899b4
                                                                                                                                                                                  • Instruction ID: 4ce6d6d09bf684398d971b051a3986f4f21793b7ec30e89c7e99e52fa4b87d5d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f146be659d9773f0a338365d970d3be5a8573640604a25a8178e3dbd77c899b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CD1C232A08A4A86EB50FF15E4403AAB3A0FB44BA4F904135DB5D47BA0DF7DE595CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                  • String ID: ..\..\base\files\memory_mapped_file_win.cc$MapFileRegionToMemory$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 749074358-2278429350
                                                                                                                                                                                  • Opcode ID: 4c77c7efc00130e07401c273a9a497690e5cb643d02c2d62b402c14e03f8df10
                                                                                                                                                                                  • Instruction ID: 2226ae7853da908dab5457fe6da163ba9b44b24b35cf07fa1a6ca23c18584d08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c77c7efc00130e07401c273a9a497690e5cb643d02c2d62b402c14e03f8df10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7661D221B1CA8A82EB20BF65E4553BAE3A1EF447A4FC45031DA5E43755DF7DF0458360
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fc254ab4d10dfe2c5b3e670c683d19ac2b36901da03d51e1e47ee7964f30d9cc
                                                                                                                                                                                  • Instruction ID: 59453c6449200a0c2319ea53cc65f421fb4cbeba2a1b033f350f72ef105d997c
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc254ab4d10dfe2c5b3e670c683d19ac2b36901da03d51e1e47ee7964f30d9cc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 97F1D222B18A4586EB14AF19E418379B7A1FB44BB0F840631EA2D877E4DF7CF585C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$Locale$ErrorInfoLastValid$CodeDefaultEnumLocalesPageSystemUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1706690794-0
                                                                                                                                                                                  • Opcode ID: d6fc0111985f954ec5a0db9ef814e8438fc5fc14d2694b487c4247d0c6ba58d2
                                                                                                                                                                                  • Instruction ID: e8b4fd41b862c864efb2023a47212e39a6a9c5076877ae849fd78faf09898eb3
                                                                                                                                                                                  • Opcode Fuzzy Hash: d6fc0111985f954ec5a0db9ef814e8438fc5fc14d2694b487c4247d0c6ba58d2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18716B22F186428AFB10FF61D460ABCA3A4BF49B64FC54035DA1D53695DFBDE885C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                  • Opcode ID: ae3be572568f24c9e2d70560a2f5b2d1de07effebe944d51838e4ed41909b91e
                                                                                                                                                                                  • Instruction ID: ce420205b789ba9dc1be6ad96ed58f9bfa3329614f45a30981bf53988cf68d9e
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae3be572568f24c9e2d70560a2f5b2d1de07effebe944d51838e4ed41909b91e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B31A536618F8186E760DF25E8402EEB3A0FB887A4F940136EA8D43B54DF7CC595CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                  • Opcode ID: 220e77a53ef1a17a3be08ba79c58693656147ab1c29a76232f106e82a093aba7
                                                                                                                                                                                  • Instruction ID: 22be2e3763e4ce7e0b21dc09a87c0e17b9e6f4c281bad39076dbf54f61d1b025
                                                                                                                                                                                  • Opcode Fuzzy Hash: 220e77a53ef1a17a3be08ba79c58693656147ab1c29a76232f106e82a093aba7
                                                                                                                                                                                  • Instruction Fuzzy Hash: AB118E25E0C24383FB54AF21B62057AE360BF44BA4FC55035EA5A43685DFACF881C760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: ..\..\third_party\perfetto\src\protozero\static_buffer.cc$Static buffer too small (errno: %d, %s)
                                                                                                                                                                                  • API String ID: 17069307-1723169051
                                                                                                                                                                                  • Opcode ID: 5139f0a85a3de955032f58c729ed5b9257e74cc2c64a7362f98c413b228d9f7f
                                                                                                                                                                                  • Instruction ID: aeaf0a6d185eac88824987722a78aeb3814a8b15eacc25cfa795ab512e61bc82
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5139f0a85a3de955032f58c729ed5b9257e74cc2c64a7362f98c413b228d9f7f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3112D122A09A8186EB20AF25D45037DB7A4FB94BA8F948235DB8D43B95DF3CF495C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$AddressLibraryLoadLongNamePathProc
                                                                                                                                                                                  • String ID: %08x-%04x-%04x-%04x-%012llx$..\..\base\files\file_util_win.cc$.tmp$CreateAndOpenTemporaryFileInDir$ProcessPrng$ScopedBlockingCall$bcryptprimitives.dll
                                                                                                                                                                                  • API String ID: 4272338124-2622647645
                                                                                                                                                                                  • Opcode ID: 973cbcfcdc11b6152ca54a7d9c97a81240c6d83072c640c5ddf4c09031f5d7d4
                                                                                                                                                                                  • Instruction ID: 7803fa3a4996ed072b8628139a116deea7080a33d664f151a166812f4ee25dff
                                                                                                                                                                                  • Opcode Fuzzy Hash: 973cbcfcdc11b6152ca54a7d9c97a81240c6d83072c640c5ddf4c09031f5d7d4
                                                                                                                                                                                  • Instruction Fuzzy Hash: C8025A32A0CBC586EB31AF15E5403EAA3A1FB94BA4F844131DA8D43BA5DF7CE185C750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 0000001A.00000002.22792831690.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794821920.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794985866.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795134138.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795342345.00007FF7C1195000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795451226.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795686108.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795842536.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795948141.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                  • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$ScopedBlockingCall$chrome.dll$enable-background-thread-pool
                                                                                                                                                                                  • API String ID: 1190089479-3721307498
                                                                                                                                                                                  • Opcode ID: fd1f6e008e67268f21c37c88b0100117a9d8827a2b4519f56469344693209d38
                                                                                                                                                                                  • Instruction ID: 799d8413f59191c4aa62fd3020672b8adfe22c1865d5c7e7d882e1e7049a36a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd1f6e008e67268f21c37c88b0100117a9d8827a2b4519f56469344693209d38
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61028C31A08A4686EB54FF11E4483B9B7A1EB44B74FE64135D96E423A1EFBCF485C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$CompletionEventPostQueuedStatus
                                                                                                                                                                                  • String ID: Chrome.MessageLoopProblem.COMPLETION_POST_ERROR$Chrome.MessageLoopProblem.MESSAGE_POST_ERROR$I$ScheduleWork$ScheduleWorkToSelf$WaitableEvent::Signal
                                                                                                                                                                                  • API String ID: 3823919964-1721350857
                                                                                                                                                                                  • Opcode ID: 079834976e3c9889d1dbaf4282a8bc1f38e969f0af46479a2bcc07e57ee33aa5
                                                                                                                                                                                  • Instruction ID: 72bb956fbaf29e037a0474b80b31f00bd87ddd534bd108ce387a10409682652f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 079834976e3c9889d1dbaf4282a8bc1f38e969f0af46479a2bcc07e57ee33aa5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1691C635608A4286FB20AF14F5903BAF7A1EB44BA4FC54135DA8D077A4DFADE585C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesErrorExclusiveLastLock$AcquireCounterDeleteDirectoryPerformanceQueryReleaseRemove
                                                                                                                                                                                  • String ID: ..\..\base\files\file_util_win.cc$DoDeleteFile$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 4126504113-1263771705
                                                                                                                                                                                  • Opcode ID: 9b67c2088fc59ae45a70db1da0ba8ec1135e45f476d717d6603b43549f8b5aa9
                                                                                                                                                                                  • Instruction ID: c256bf355cf20681a68b33401943a5a9402c6e1f194d17d336115d49eb82bd72
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b67c2088fc59ae45a70db1da0ba8ec1135e45f476d717d6603b43549f8b5aa9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F81D122A0CA4645FB20BF21E4103BAE351AF81BB0FD54131DA8D877D5DF6EF5468BA1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 593636287-0
                                                                                                                                                                                  • Opcode ID: 6de5c40d0db44cba04cfc1a0ff9a8a7597ea320e950796035997b45bdbe35b2f
                                                                                                                                                                                  • Instruction ID: 910e0d9157bb005b1d7be1b1e529a226c2f712023582d399ac843f0d5d425f17
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6de5c40d0db44cba04cfc1a0ff9a8a7597ea320e950796035997b45bdbe35b2f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 22C1C022A0CB4681EB21AF21A510379A361BF45FB4F854232DA5E97790DF7DF4C2C3A4
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2824607059-0
                                                                                                                                                                                  • Opcode ID: 76c09965ada01b5d92c6eee0f2b6c33fa6b5908643c7299a9d6531ba0fa746a0
                                                                                                                                                                                  • Instruction ID: 419afeb31fe5a3b2158acbcaecda085bdfc1d8a54c23ef80c53bac14518c86b7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c09965ada01b5d92c6eee0f2b6c33fa6b5908643c7299a9d6531ba0fa746a0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C61B221A0960686EF65BF15A914239A364BF45FB5F9A0971CD1E873E0CFBCE8C5C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 0000001A.00000002.22792831690.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794821920.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794985866.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795134138.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795342345.00007FF7C1195000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795451226.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795686108.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795842536.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795948141.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                  • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$enable-background-thread-pool
                                                                                                                                                                                  • API String ID: 1190089479-3676744455
                                                                                                                                                                                  • Opcode ID: 9500ba63d2e51878e0ab6cbc504d39f53d47ea98fae46462e4ff44037ca09d57
                                                                                                                                                                                  • Instruction ID: 8d0e70f41354d58261ba25ca151f677f6e5289287b0b33160cc42c17058f2000
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9500ba63d2e51878e0ab6cbc504d39f53d47ea98fae46462e4ff44037ca09d57
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53027C21A0CB4686EB54FF55E8443B9A3A1AB44B74FD54131DA2E833A1DF7CF486C7A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$LocalTime
                                                                                                                                                                                  • String ID: )] $:.#$UNKNOWN$VERBOSE
                                                                                                                                                                                  • API String ID: 3586426482-1244416384
                                                                                                                                                                                  • Opcode ID: 0a53c9bab6da4d70b746ef184e061a2fda3b849d4194311a3877cfbee643182c
                                                                                                                                                                                  • Instruction ID: 846aeeb7626d9daa083905fa2fdb573ec1cebc51fd3f6e648863fddc5e5ca996
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a53c9bab6da4d70b746ef184e061a2fda3b849d4194311a3877cfbee643182c
                                                                                                                                                                                  • Instruction Fuzzy Hash: B0C1BD22709A4286EB10FF15E4502BAA7A0EB85FA4FC48035EE4E877A5DF7DF541C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7C101DDA9,?,?,?,?,00007FF7C0FD8AE0), ref: 00007FF7C101DF08
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7C101DDA9,?,?,?,?,00007FF7C0FD8AE0), ref: 00007FF7C101DF18
                                                                                                                                                                                    • Part of subcall function 00007FF7C0F730F0: WaitForSingleObject.KERNEL32 ref: 00007FF7C0F730FA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleObjectProcSingleWait
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
                                                                                                                                                                                  • API String ID: 2452614001-2914896919
                                                                                                                                                                                  • Opcode ID: 0a0878e11943811341ef80438624731e8059ecc1dd4f61f69806c3cba1fe438c
                                                                                                                                                                                  • Instruction ID: ca5cc6135aa7c65538706451114008a1b65f9020e85a889d50014b6c9756f9b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a0878e11943811341ef80438624731e8059ecc1dd4f61f69806c3cba1fe438c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D518D31A0CA4682FF54BF15F4542B9B3A2AF80BA4FD21036D95D473A1EFACE585C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2845919953-0
                                                                                                                                                                                  • Opcode ID: 4a2460e5feea845d0770e649b0e8a0a5084ed27ae922f44dc6b7649c15f2d7bc
                                                                                                                                                                                  • Instruction ID: 755fbec29cb89cf98477791e009a12e6f8b087b35e063df928d6acd408be0ba5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a2460e5feea845d0770e649b0e8a0a5084ed27ae922f44dc6b7649c15f2d7bc
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9517E25E18A4687F711FF35F855179E362AF45BB0F914232D92E132A1EFBCA486C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ..\..\base\task\sequence_manager\work_tracker.cc$E$ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$WaitNoSyncWork
                                                                                                                                                                                  • API String ID: 1678258262-2415033031
                                                                                                                                                                                  • Opcode ID: 124c27959f57da352ab1ca24cabc69c55b430d98f7a6b8e1a05a07993c9ae504
                                                                                                                                                                                  • Instruction ID: 202db5e6389d6c6f50ab7f919761e12c2244f55813cd79798ac638349e1897fe
                                                                                                                                                                                  • Opcode Fuzzy Hash: 124c27959f57da352ab1ca24cabc69c55b430d98f7a6b8e1a05a07993c9ae504
                                                                                                                                                                                  • Instruction Fuzzy Hash: E751B135A08B8682EB24EF15E4503B9B3A0FB54BA4F844036DA8D47755DF7DE14AC760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 4275029093-1090674830
                                                                                                                                                                                  • Opcode ID: 137c598eecb43e7c3ac92cc36fdc83dc2df0a740df58609db93d320d46979d5f
                                                                                                                                                                                  • Instruction ID: 42ec82dad9f42c693de66f6cfc73467ef66eb253a34a7d49c7daca9b368735bd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 137c598eecb43e7c3ac92cc36fdc83dc2df0a740df58609db93d320d46979d5f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 22418C35A0DB4682FB25BF15A895379A221AF44B70FC84435D91E873A1DF7CB485C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                  • String ID: MZx$api-ms-
                                                                                                                                                                                  • API String ID: 2559590344-259127448
                                                                                                                                                                                  • Opcode ID: 60619b0a41a83c94824ee0dc1da94f1909a4962e4e44d6481aaa8bc4d90f8d89
                                                                                                                                                                                  • Instruction ID: 74015bd36ed1deb0377b0eb3c148cde20fca980b11918f3c34f5cd5d7376ce7a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 60619b0a41a83c94824ee0dc1da94f1909a4962e4e44d6481aaa8bc4d90f8d89
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F31B621B2A64295EF15BF06A400A75E3A8FF44BB4F8A8539DD5D4B350DF7CE4848770
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$ExclusiveLock$Acquire$CounterPerformanceQueryRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1818721922-0
                                                                                                                                                                                  • Opcode ID: 635a66216e4fa743df2c8a957b8d48665c5b62ca7ca6d911d3a84572c369bab2
                                                                                                                                                                                  • Instruction ID: d752131f0fd8c4dd6a1d0dc1399c760d11143e5e3a54777eb2137a4221dc7326
                                                                                                                                                                                  • Opcode Fuzzy Hash: 635a66216e4fa743df2c8a957b8d48665c5b62ca7ca6d911d3a84572c369bab2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 20415636A49B06C2EB64BF15E550379A361EB84BB0F894431CA5D437A0EF7CF885C7A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF813C
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF8179
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF81E3
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CE70: AcquireSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C0F90F83,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CE80
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,-00000010,?,?,?,?,00007FF7C10D6A3B), ref: 00007FF7C0EF824C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$ReleaseValue
                                                                                                                                                                                  • String ID: ..\..\third_party\perfetto\src\protozero\static_buffer.cc$Static buffer too small (errno: %d, %s)
                                                                                                                                                                                  • API String ID: 2488027873-1723169051
                                                                                                                                                                                  • Opcode ID: 9f28383e9ab378ab6595b52b3289aa1ea456060469bf99ad3ebbfea727bc108f
                                                                                                                                                                                  • Instruction ID: 618b12d710227f7a0ace5f3cfda4b2cf64d293b6054dec5044b97b3188cb7a4a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f28383e9ab378ab6595b52b3289aa1ea456060469bf99ad3ebbfea727bc108f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E891AC32A08A469AEB10BF25E9442B9B7A1FB44BA4FD44131EA4D43794DF7CF585C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                  • String ID: ..\..\base\win\message_window.cc$Chrome_MessageWindow$Failed to create a message-only window$Failed to register the window class for a message-only window$MZx
                                                                                                                                                                                  • API String ID: 1452528299-3236826998
                                                                                                                                                                                  • Opcode ID: 4f93c8160a6040498567458eac20764e1bafae68049ee32a3ea32841cc293b73
                                                                                                                                                                                  • Instruction ID: a4f841842287804b5b347544e9cda3a01fe09e6a19837d186760ccb5a824fc89
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f93c8160a6040498567458eac20764e1bafae68049ee32a3ea32841cc293b73
                                                                                                                                                                                  • Instruction Fuzzy Hash: E871AD31A4CA4A82FB54BF14E9403B9A3A1FF44BA4FD04132D96D467E1EFACE042C761
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_abi.cc$PERFETTO_CHECK(reinterpret_cast<uintptr_t>(begin) % kChunkAlignment == 0)$PERFETTO_CHECK(size > 0)
                                                                                                                                                                                  • API String ID: 17069307-524348897
                                                                                                                                                                                  • Opcode ID: 24c12f9b734c66b48824b418af82ee4fb2652749d259f3fffe367a07e690f8a6
                                                                                                                                                                                  • Instruction ID: f9dad7a24991474934937ed5288353cce82d932d8c169977d9a15f9c11d31356
                                                                                                                                                                                  • Opcode Fuzzy Hash: 24c12f9b734c66b48824b418af82ee4fb2652749d259f3fffe367a07e690f8a6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8451E122A0869982F755BF25E4047ADB7A4FF44B64F848135EE5C43790DF7CE4A2C364
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4258034872-0
                                                                                                                                                                                  • Opcode ID: 613fecbf0c6430462b5f777b0508cb0a7c1c3067a5e4db70d5dee71cd6ac4b07
                                                                                                                                                                                  • Instruction ID: 6fc6bc62917ff4e49d2c1790f2d3507a9f6e61a573886cfa4d004a857d9ab019
                                                                                                                                                                                  • Opcode Fuzzy Hash: 613fecbf0c6430462b5f777b0508cb0a7c1c3067a5e4db70d5dee71cd6ac4b07
                                                                                                                                                                                  • Instruction Fuzzy Hash: D141C722F0565686EB16AF21A800379E360FB54BF5F9549B2DE1D07790DFBC98C5C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ..\..\base\threading\hang_watcher.cc$UnregisterThread$it != watch_states_.end()
                                                                                                                                                                                  • API String ID: 1678258262-1505799933
                                                                                                                                                                                  • Opcode ID: 037edcb94c590b72f4ed389da50c4a7365bfd6ceb50492b2ecc5018b07b16730
                                                                                                                                                                                  • Instruction ID: e774ab63ba880df668f5b57fe0e4c1a3f4b47dd5d186009a7feb63b14fb902b2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 037edcb94c590b72f4ed389da50c4a7365bfd6ceb50492b2ecc5018b07b16730
                                                                                                                                                                                  • Instruction Fuzzy Hash: B4514C62B49A0A81EB55FF11E454279A3A0BB44FB4F854431DE2E47790EF7CF842C364
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressCurrentFreeHandleLocalModuleProcThread
                                                                                                                                                                                  • String ID: GetThreadDescription$Kernel32.dll
                                                                                                                                                                                  • API String ID: 4205643583-415897907
                                                                                                                                                                                  • Opcode ID: ffb13398a3542e26dfa457546c8eab5d4c12ac0b9a61c8aef060f9ef20f07efd
                                                                                                                                                                                  • Instruction ID: 74b6ab9463c924a1ac37be5feb1e19a97064d2796fd9792cdf094e890a03f718
                                                                                                                                                                                  • Opcode Fuzzy Hash: ffb13398a3542e26dfa457546c8eab5d4c12ac0b9a61c8aef060f9ef20f07efd
                                                                                                                                                                                  • Instruction Fuzzy Hash: EB417A32A09A4682EB14FF15E954179A3A1AF44BB0FD40131DA2E877A4DF7DF486C7A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ..\..\base\memory\shared_memory_tracker.cc$DecrementMemoryUsage$it != usages_.end()
                                                                                                                                                                                  • API String ID: 1678258262-3010543142
                                                                                                                                                                                  • Opcode ID: bc1b4013e630dcee6112208a7e82479b1f1fa2a601f6c2764bf8402031e014a8
                                                                                                                                                                                  • Instruction ID: dc928e7a4ac5be8d3b8a989581e48854c7616eb5d892957fd3a7c37650c60d0b
                                                                                                                                                                                  • Opcode Fuzzy Hash: bc1b4013e630dcee6112208a7e82479b1f1fa2a601f6c2764bf8402031e014a8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E416B6AB09A8682EF14EF129514179E3A1BF19FE4F858432DE0D0B754DFBCE895C320
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 1646373207-3663164917
                                                                                                                                                                                  • Opcode ID: 9e03b54bddc0980920a8b32a0692d9b7d5c2e9ec651d10b4a9ac5ac2c17c8c5f
                                                                                                                                                                                  • Instruction ID: 5b19598acda196de9a54413d780b9ffcdb6dc6f9360929e05466c33b1c59ffc9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e03b54bddc0980920a8b32a0692d9b7d5c2e9ec651d10b4a9ac5ac2c17c8c5f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53416E31A0CA8681FB21BF15F5553B9E361AF80BA4FC54035DA8E47795DEBCE186C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandle$ErrorLast
                                                                                                                                                                                  • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                                                                                                                                                  • API String ID: 1798101686-1661544796
                                                                                                                                                                                  • Opcode ID: 2ae72de8744ba8cfa9121e3a2b89fdfd9fb1e1fb64acca0abaf814389d87283a
                                                                                                                                                                                  • Instruction ID: 89e2be8311233a0645d65cbd69517afe9037d9f7b6d2b7c119a6e2c5a648c01b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ae72de8744ba8cfa9121e3a2b89fdfd9fb1e1fb64acca0abaf814389d87283a
                                                                                                                                                                                  • Instruction Fuzzy Hash: F731AF21B1C64782FB20BF21B8562BAE360AF41BA4FD14035D90D86B95DFACF586C770
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$AddressCreateEventHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 687412823-1090674830
                                                                                                                                                                                  • Opcode ID: 926b55ce6d3c8c6ea0fb68d18d31fdcb8b1ff923bebfa6b8c4947460e32d6354
                                                                                                                                                                                  • Instruction ID: 3f4108dce368522762f1deca0a57d65223adac71a6e13f291a4906d5dcb61e1d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 926b55ce6d3c8c6ea0fb68d18d31fdcb8b1ff923bebfa6b8c4947460e32d6354
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F318E35A0D74B82FB29AF25B558779E251AF45BA0FC58434CA4E43790DFBCA485C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  • Opcode ID: 7ebc734ee44cc287cad0a22565030c003ffc5dcdd7282fed80855bba93b1f86c
                                                                                                                                                                                  • Instruction ID: eeabd17e2224e9ecd293601455b7d7dbb82d5a36a099f549c64a357c1aad404f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ebc734ee44cc287cad0a22565030c003ffc5dcdd7282fed80855bba93b1f86c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E219220B0D64642FB18BFA1A565139D2925F84BB0F864734D83E47BD6EEACB4838320
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00007FF7C0EEA317
                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA330
                                                                                                                                                                                  • SetThreadInformation.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA34D
                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA364
                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00007FF7C0EEA383
                                                                                                                                                                                  • SetThreadInformation.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA39A
                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7C0EEA2C4,?,?,?,00007FF7C0FD9C2C), ref: 00007FF7C0EEA3C3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Thread$Priority$CurrentInformation
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3180331770-0
                                                                                                                                                                                  • Opcode ID: b6050db19ba1334f646b28b39040b34b330af5d0dbeaa66ae66bc0229ad75e65
                                                                                                                                                                                  • Instruction ID: 4aa0f161a6ba684ee9f1c237ed2f01945c654fbc17d372a90e7c99fd29105bf3
                                                                                                                                                                                  • Opcode Fuzzy Hash: b6050db19ba1334f646b28b39040b34b330af5d0dbeaa66ae66bc0229ad75e65
                                                                                                                                                                                  • Instruction Fuzzy Hash: 10218E31A18A1683E710BF21F95466DA2A0AF88FB0F954135DD1E43B94DF7CF8468760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                  • Opcode ID: 741978a0998bfc87aef89c81d378bf6149570891829d04740e769a4e84b9bfcb
                                                                                                                                                                                  • Instruction ID: 3d1ca0230f9321788916345f1f78ba2077f9013cf48e0c0cfa265218ad6845a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 741978a0998bfc87aef89c81d378bf6149570891829d04740e769a4e84b9bfcb
                                                                                                                                                                                  • Instruction Fuzzy Hash: C9118131B28A4283E750AF12F854329E6A0FB88FF4F844234EA5D87794DFBCD8448750
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$PERFETTO_CHECK(ptr <= chunk.end() - SharedMemoryABI::kPacketHeaderSize)
                                                                                                                                                                                  • API String ID: 17069307-3792523027
                                                                                                                                                                                  • Opcode ID: 5afaef8b43b3e78a383d903b1babb7e1887c9b35eb94b8a40b2dc3276c72710b
                                                                                                                                                                                  • Instruction ID: c003730cbf363250fad336652f0b8820c0cc12c06ee42e15e58bd397e5533628
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5afaef8b43b3e78a383d903b1babb7e1887c9b35eb94b8a40b2dc3276c72710b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84F1E132A0878586E754EF25E04036EBBA0FB84B64F448136EBAD83794DF7CE492C750
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: ($UMA.PersistentAllocator.EarlyHistograms.
                                                                                                                                                                                  • API String ID: 1678258262-2412162110
                                                                                                                                                                                  • Opcode ID: 046b671d3790b33725780489130c9b6809e7afd8d58706bbdca1e039d0fa2bbf
                                                                                                                                                                                  • Instruction ID: 74450283ef525800e2dd36c41ca99d936f5d662d23934bbb856f3849528c90fe
                                                                                                                                                                                  • Opcode Fuzzy Hash: 046b671d3790b33725780489130c9b6809e7afd8d58706bbdca1e039d0fa2bbf
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DE19C31A49A8A81EB20BF11E4547B9A3A0EF84BA4F854535DEAD477D1DF7CF181C3A0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: Histogram.MismatchedConstructionArguments
                                                                                                                                                                                  • API String ID: 1678258262-1291613963
                                                                                                                                                                                  • Opcode ID: 5e4665ff32823282a26e0efbf0f47b0d54b8d2c841dc2afd416d3b0991948777
                                                                                                                                                                                  • Instruction ID: 0e22efd36e4c35bbf17df2d1a68e8b1d655c09e17220e30364ddaf7fd84a1f30
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e4665ff32823282a26e0efbf0f47b0d54b8d2c841dc2afd416d3b0991948777
                                                                                                                                                                                  • Instruction Fuzzy Hash: E1D1C322B0974682EB20EF15E44037AA3A0FB89BE4F928531DE4D47399DFBCE585C350
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                  • String ID: MZx
                                                                                                                                                                                  • API String ID: 2718003287-2575928145
                                                                                                                                                                                  • Opcode ID: 2672e53833cb2fc68dffb8b7191d881260781bfdfc968900550d8bdf3fe9f617
                                                                                                                                                                                  • Instruction ID: 88abdbd6cb511179b4e20fe628474375b500f353309498cacc74c05d7c283ccd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2672e53833cb2fc68dffb8b7191d881260781bfdfc968900550d8bdf3fe9f617
                                                                                                                                                                                  • Instruction Fuzzy Hash: 60D11232B0CA8189F710DF65D4406ACBBB1FB44BA8B854236CE5D97F99DE78D486C350
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                  • String ID: ProcessPrng$bcryptprimitives.dll$xn--
                                                                                                                                                                                  • API String ID: 2574300362-110522026
                                                                                                                                                                                  • Opcode ID: 22dd28c5f545e4ae27005e6343604365e7982823b25def481a772eda2806ca82
                                                                                                                                                                                  • Instruction ID: c101751fdf527b72868f167f93ad3ebfd53ec0b9b3edbf0c2cb54b411f359872
                                                                                                                                                                                  • Opcode Fuzzy Hash: 22dd28c5f545e4ae27005e6343604365e7982823b25def481a772eda2806ca82
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC516A11B1D74642FE56BF22A9153B9D291AF45FE0F848035DD0D86B91EF6CF88683A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: BuildEntriesErrorFreeLastLocalTrusteeWith
                                                                                                                                                                                  • String ID: chrome.dll
                                                                                                                                                                                  • API String ID: 2527364759-3400337608
                                                                                                                                                                                  • Opcode ID: 85e5967dc056fce3d03f4d6dfce389c51fa2594b11df715209a42504e88dec8c
                                                                                                                                                                                  • Instruction ID: 62ea7e58b92e7353798b7b7ae1a2acc175bed630ab10b0ee97026a173476e090
                                                                                                                                                                                  • Opcode Fuzzy Hash: 85e5967dc056fce3d03f4d6dfce389c51fa2594b11df715209a42504e88dec8c
                                                                                                                                                                                  • Instruction Fuzzy Hash: C551C462F0D68586EA54EF26942037AB290BB88BACF848531ED5D87780DF7CE4C1C790
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F1888E
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F1889E
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F188D6
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF7C0F1873F), ref: 00007FF7C0F188E6
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: 01a34f57522744a643f27f2d4a8ae2a9bc282450086d1b7509d6dc446243bc59
                                                                                                                                                                                  • Instruction ID: ac100d0b1771f9a199b993320bd73a64a8147e2a99a15455a7d2353e847c8d05
                                                                                                                                                                                  • Opcode Fuzzy Hash: 01a34f57522744a643f27f2d4a8ae2a9bc282450086d1b7509d6dc446243bc59
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D410825A0DA0A82EB24BF16F6553B9A361AF40BB0FD44035C94E873A4CF7CF485C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLockLongNamePath$AcquireCounterPerformanceQueryRelease
                                                                                                                                                                                  • String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
                                                                                                                                                                                  • API String ID: 839722070-2989128051
                                                                                                                                                                                  • Opcode ID: 4636efea944cf44f1e431927b2c17e434c99e50b3f144c8e32c73cde9d1bdd8a
                                                                                                                                                                                  • Instruction ID: da74facf393bc4b7c8b5b5c6d5494b2fb8150d58a57a48acda15cfb179d55238
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4636efea944cf44f1e431927b2c17e434c99e50b3f144c8e32c73cde9d1bdd8a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A41C621A1CA9281FB21EF25E5107F6A360BF85B64F889031DA8D43B55EFBCE1C98750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleObjectProcProcessSingleTerminateWait
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 2756416720-1090674830
                                                                                                                                                                                  • Opcode ID: ecab3e3e0c089c75540709eca076c008db8b0d063cd39c9e3bfda395cc9f4466
                                                                                                                                                                                  • Instruction ID: e816b498f6bfcd8b6a602a46482d8d51710fe849cc16dac64e11f4f755c2fafc
                                                                                                                                                                                  • Opcode Fuzzy Hash: ecab3e3e0c089c75540709eca076c008db8b0d063cd39c9e3bfda395cc9f4466
                                                                                                                                                                                  • Instruction Fuzzy Hash: 54418425A1D60682FB24FF11E2543B9E261EF44BB0FC44031CA4E83791DF6CF48683A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1762409328-1090674830
                                                                                                                                                                                  • Opcode ID: 374d48ad0d2bed8e3e4dacd373ad3e60ba5ac0ec7f2795bce2fa07eeccda10f5
                                                                                                                                                                                  • Instruction ID: 706139073209ec0998c4bade8867db895c14c9edacdf2004d5de8aafded5d4ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: 374d48ad0d2bed8e3e4dacd373ad3e60ba5ac0ec7f2795bce2fa07eeccda10f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7931AE36A08E4682EB25AF16A540379B761BB45B60FC18431CA5E433A1DFBCE4D5C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7C103FB36
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7C103FB46
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1682205630
                                                                                                                                                                                  • Opcode ID: 41ec0bf95298dbfcabc368b0e3ffd928ebb2fe2b21ae8af417a30a1e60c3387c
                                                                                                                                                                                  • Instruction ID: c86f61f3179d40c2f63cbf2ca8576306eb23c3e69279e76097525a14db7d7aef
                                                                                                                                                                                  • Opcode Fuzzy Hash: 41ec0bf95298dbfcabc368b0e3ffd928ebb2fe2b21ae8af417a30a1e60c3387c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B31A120A0CA8781FB25BF25F5653B9D361BF80BA4FD14031D94E437A0EEACE586C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                  • Opcode ID: 13df5ce38fb156cefe56dd94bd3652ef1bade8bf14340295928b618caeb48d88
                                                                                                                                                                                  • Instruction ID: 2dbd654c3d64f4614a67798cc567961df74a5b92684632e103b45f7f4685345e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 13df5ce38fb156cefe56dd94bd3652ef1bade8bf14340295928b618caeb48d88
                                                                                                                                                                                  • Instruction Fuzzy Hash: 40F0C261B2970682FB10AF24F454379A320EF44B70FD00235C6AD066E8DFACD588C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C119A700,00007FF7C119A700,?,00000001,00000000,?,00007FF7C0F74675), ref: 00007FF7C0F7309E
                                                                                                                                                                                    • Part of subcall function 00007FF7C0F75870: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000198), ref: 00007FF7C0F758C6
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72DCD
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72E9F
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72ED8
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C0F72FA3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                  • Opcode ID: e484edf4434918ffb1e09d753d9c610cc8b2120032f89aad0b0583e76e1f55f5
                                                                                                                                                                                  • Instruction ID: 0bdb1ecfc8dcbcefa0e8e1085bc4dda82e04bc3c040adfeb7fb30928223f1ead
                                                                                                                                                                                  • Opcode Fuzzy Hash: e484edf4434918ffb1e09d753d9c610cc8b2120032f89aad0b0583e76e1f55f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 23E1E132A08A4582EB54DF29E458379B7A1FB48BB4F844231EB6E437A4DF7DE485C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease$UnregisterWait
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2338655335-0
                                                                                                                                                                                  • Opcode ID: d0f68ebfad5e455230e52523ffc722c858d44b856bfe22fe4db7eb134da450d5
                                                                                                                                                                                  • Instruction ID: 460feab7341ced0da9491e309524ccfd5e6b2d744f5ba0c3c1fa03cca46066e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: d0f68ebfad5e455230e52523ffc722c858d44b856bfe22fe4db7eb134da450d5
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF519362B1DA5682EA10FF11A6101B9A350BF85BB0F994635ED6D837D0DF7DF482C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C1096453
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C1096472
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C109649A
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C10964AB
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF7C1098873,?,?,00000000,00007FF7C109878A), ref: 00007FF7C10964BC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  • Opcode ID: 2466618eabf79cfc8f4079df219ec32fdae25c47607054c56235cb4a8af0e319
                                                                                                                                                                                  • Instruction ID: a1769be5f064f7fcad76da58f780d93a1ad72af52714d32bf11a709f232cbe0a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2466618eabf79cfc8f4079df219ec32fdae25c47607054c56235cb4a8af0e319
                                                                                                                                                                                  • Instruction Fuzzy Hash: 80116D20E0C25602FB58BFA1A571179E2865F847B0EC64334D93D46BC6EEACB4834231
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  • Opcode ID: e46dcc0af29b572bea9188fb6dab3bb5616f701afb0bc69f194c4f05d8fc2bb9
                                                                                                                                                                                  • Instruction ID: 33066a1745a1562eebf71806e6041b81050de082342fed5860bfdb6dabb55bdd
                                                                                                                                                                                  • Opcode Fuzzy Hash: e46dcc0af29b572bea9188fb6dab3bb5616f701afb0bc69f194c4f05d8fc2bb9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A11E810E0D24742FB58BF71A47257992855F85770EDA8734D83E4A6D2EEADB4C34231
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C0ED56D2), ref: 00007FF7C0FD7434
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C0ED56D2), ref: 00007FF7C0FD74AA
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C0ED56D2), ref: 00007FF7C0FD74BA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 4275029093-1090674830
                                                                                                                                                                                  • Opcode ID: fb5881440c751add0dac8f46d5d66ef300e6c2eafef807dd101a05aefb02d522
                                                                                                                                                                                  • Instruction ID: f111eb0a871d716a721d0c69699216a73159ba684784633b33a61fdd83daeda1
                                                                                                                                                                                  • Opcode Fuzzy Hash: fb5881440c751add0dac8f46d5d66ef300e6c2eafef807dd101a05aefb02d522
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D41A122B0D74682FB26BF16A454278D651AB41BB0FC48431CE1E8B791EF7CB586C3A0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0ED8029
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C0ED80CF
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CE70: AcquireSRWLockExclusive.KERNEL32(?,?,00000198,00007FF7C0F90F83,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CE80
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C0ED814A
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDA4
                                                                                                                                                                                    • Part of subcall function 00007FF7C106CD94: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0F74665), ref: 00007FF7C106CDE4
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: Histogram.TooManyBuckets.1000
                                                                                                                                                                                  • API String ID: 1678258262-786474106
                                                                                                                                                                                  • Opcode ID: 0c2c71ba42dbc3db91620377ee9654bc0550e33b447ccf794a0f8c1c5fb99121
                                                                                                                                                                                  • Instruction ID: d1aaceea8011af5bd6867e31d4f83eb4cd0370cd86fa182e03f6ddd822cb0939
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c2c71ba42dbc3db91620377ee9654bc0550e33b447ccf794a0f8c1c5fb99121
                                                                                                                                                                                  • Instruction Fuzzy Hash: B5514121A0864682FB10FF15E9502B9A361EB45BB4FD44132DA5D837A5DFACF48AC360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID: Histogram.TooManyBuckets.1000
                                                                                                                                                                                  • API String ID: 1678258262-786474106
                                                                                                                                                                                  • Opcode ID: d5a5028f9f4a70f86bbf5af9e1ab828fca3f0666923c0e2e856acb2f53e5ec4f
                                                                                                                                                                                  • Instruction ID: 9924d38452c96c03a97a1ce87ce9894cf96a0369f64f4bf9101817bbc77f112e
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5a5028f9f4a70f86bbf5af9e1ab828fca3f0666923c0e2e856acb2f53e5ec4f
                                                                                                                                                                                  • Instruction Fuzzy Hash: F1313071E0CA0A86FB14BF15A55067893E1AF44BF0F955131D82E577A0CFACF481C661
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 0000001A.00000002.22792831690.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794821920.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794985866.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795134138.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795342345.00007FF7C1195000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795451226.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795686108.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795842536.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795948141.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConditionSleepVariable
                                                                                                                                                                                  • String ID: ..\..\base\synchronization\condition_variable_win.cc$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait
                                                                                                                                                                                  • API String ID: 1382704212-1641630961
                                                                                                                                                                                  • Opcode ID: ab94b1d782c197831efa4a0e349b632c348739a28c7ec5b76b0ae22641b4c047
                                                                                                                                                                                  • Instruction ID: f30fe7920f11e02ed27bc64e71d8fc0ac24e182905b3ad5f669f980e474c064b
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab94b1d782c197831efa4a0e349b632c348739a28c7ec5b76b0ae22641b4c047
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1531AE31A0CBC595F761AF29B4013EAB7A0BB81764F844132DA8C42B95DF6DE08BC760
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 4275029093-1090674830
                                                                                                                                                                                  • Opcode ID: 2e024411294a27264bda0bc347b9a1f8ae008beb8ca34edf28a9f3d41e91c5b7
                                                                                                                                                                                  • Instruction ID: 551b846d6b413cc91edc1d47edc80e3735c8c07341659525121de3e0b11b84a7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e024411294a27264bda0bc347b9a1f8ae008beb8ca34edf28a9f3d41e91c5b7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91215435A4DB0B82FB257F15A4552799251AF45B70FC08436CD1E87390DF7CB895C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000001,00000000,?,00007FF7C0EDCA2D,?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EE1C18
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000001,00000000,?,00007FF7C0EDCA2D,?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EE1C80
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF7C0EDC89D), ref: 00007FF7C0EE1C90
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFileHandleModuleProcUnmapView
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 3224599007-1090674830
                                                                                                                                                                                  • Opcode ID: 257be09a64f07e067b47262ac3fd06d5efcb6394cbcdf031b0edf6dea8590f5f
                                                                                                                                                                                  • Instruction ID: 4e97bd3f9111d1a703e6d6c5e1f5f0483bccf9bcd53f50063142cee7773c03a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 257be09a64f07e067b47262ac3fd06d5efcb6394cbcdf031b0edf6dea8590f5f
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF213E35A4CA0A82EB29BF25E454379D321AF44FA4FA44571D91E833A0DF6DB4C5C3A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastUnlock
                                                                                                                                                                                  • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$UnlockFileEx
                                                                                                                                                                                  • API String ID: 3655728120-3540829929
                                                                                                                                                                                  • Opcode ID: 5fb87a611bca4d73144f19a369d44b682422db7df117ca47698c64429257cf18
                                                                                                                                                                                  • Instruction ID: 11cad8d53e2fa0ff8eab587696645d5dc8e30ac54039d109e4cd40817d1a0481
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fb87a611bca4d73144f19a369d44b682422db7df117ca47698c64429257cf18
                                                                                                                                                                                  • Instruction Fuzzy Hash: B711E432A1CA5691F720BF25F4013B9A361AF447B4FC58231C85C47790EF6CE2868B60
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C108B7A3,?), ref: 00007FF7C108B4AC
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C108B7A3,?), ref: 00007FF7C108B537
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                  • Opcode ID: a46f1c941d9f676f1e9b9ee0d4017086c39f87b6bbeddcc237c03f2c3d073e5d
                                                                                                                                                                                  • Instruction ID: 6d3d4615a878294db17cb04ed74124c22c076246dbf05734e164d49202598bb0
                                                                                                                                                                                  • Opcode Fuzzy Hash: a46f1c941d9f676f1e9b9ee0d4017086c39f87b6bbeddcc237c03f2c3d073e5d
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC91CF22E0C65685F750EF2594502BDBBA0FB04BA8F954139DE0E66E95DEBCE482C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  • Associated: 0000001A.00000002.22792831690.00007FF7C0ED0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794498227.00007FF7C1138000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794821920.00007FF7C1187000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22794985866.00007FF7C1188000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795134138.00007FF7C1189000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795342345.00007FF7C1195000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795451226.00007FF7C11A1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795686108.00007FF7C11B7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795842536.00007FF7C11B8000.00000020.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  • Associated: 0000001A.00000002.22795948141.00007FF7C11B9000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesDeleteDirectoryErrorLastRemove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1000165283-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1678258262-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,7FFFFFFFFFFFFFF8,00007FF7C0ED241B), ref: 00007FF7C0F1B939
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C119A740,?,?,?), ref: 00007FF7C0F1B974
                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C119A740,?,?,?), ref: 00007FF7C0F1B990
                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C119A740,?,?,?), ref: 00007FF7C0F1B9A0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process$Current$CodeExitMultipleObjectsWait
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3026435989-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: cf43062b6510816c421a538acce0e12d859501adc8af8735d4fc562d25f3c396
                                                                                                                                                                                  • Instruction ID: e988525175a897715aead9c03e958d3610c98ab0209c510e70e9725fd94dac33
                                                                                                                                                                                  • Opcode Fuzzy Hash: cf43062b6510816c421a538acce0e12d859501adc8af8735d4fc562d25f3c396
                                                                                                                                                                                  • Instruction Fuzzy Hash: AF519131B4974691EA14BF25F850378B351EB94BA0F988931CA1D87BA4DF7DF452C360
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF7C10961F4: GetLastError.KERNEL32 ref: 00007FF7C1096203
                                                                                                                                                                                    • Part of subcall function 00007FF7C10961F4: FlsGetValue.KERNEL32 ref: 00007FF7C1096218
                                                                                                                                                                                    • Part of subcall function 00007FF7C10961F4: SetLastError.KERNEL32 ref: 00007FF7C10962A3
                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7C1081638), ref: 00007FF7C109B4A4
                                                                                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7C1081638), ref: 00007FF7C109B4DC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast$CodePageValidValue
                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                  • API String ID: 1184045147-905460609
                                                                                                                                                                                  • Opcode ID: b667834869973abe9a75217fb2699f0f92a347d48eb77e9fc552f1f1f80fb36d
                                                                                                                                                                                  • Instruction ID: f125b986e207c4c0370e0146be6deed7c266f4b19e50a50383dc64adcb18f3b5
                                                                                                                                                                                  • Opcode Fuzzy Hash: b667834869973abe9a75217fb2699f0f92a347d48eb77e9fc552f1f1f80fb36d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2061A222A1874281FB64FF129520AB9A364AF44BB0F864131DE5C077C6DFBCE9D1C361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                  • Opcode ID: b59a8b98753be9fc18698dacda24cb81b4d0f9a1b69ff4c74740e361ec616263
                                                                                                                                                                                  • Instruction ID: b40f649c5b6eebaebd0158f5e6844601c349a8cac0e2ea762a3cdd34fe269480
                                                                                                                                                                                  • Opcode Fuzzy Hash: b59a8b98753be9fc18698dacda24cb81b4d0f9a1b69ff4c74740e361ec616263
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD41B66271CA4186EB20DF25E4543BAB7A1FB94BA4F854031EE4D87B94DFBCD441CB60
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionGlobalMemoryRaiseStatus
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 367200128-2766056989
                                                                                                                                                                                  • Opcode ID: 12061d95fdab03c538e9020c3639f455dbc69da12756165f845991ad265b71e6
                                                                                                                                                                                  • Instruction ID: a2bc65dedfa1b2dacc5341ddd56d173a236ea6480ce31b64b06a5e5fca739da3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 12061d95fdab03c538e9020c3639f455dbc69da12756165f845991ad265b71e6
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3115E62D2C7C282E700AF64E44167AE720FBD9760F644239F6C941E59DFACE684CB90
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Event
                                                                                                                                                                                  • String ID: WaitableEvent::Signal$WorkerThread::WakeUp
                                                                                                                                                                                  • API String ID: 4201588131-1078715686
                                                                                                                                                                                  • Opcode ID: 1f96355f4c94133f67d59e2f386e2e737b87b4b3eac844566d6f882d260a857b
                                                                                                                                                                                  • Instruction ID: 2f20afe7624430f1c50f9d127353fe5498ca68ec520540a31caca7bca6235a58
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f96355f4c94133f67d59e2f386e2e737b87b4b3eac844566d6f882d260a857b
                                                                                                                                                                                  • Instruction Fuzzy Hash: DE215172618B5282EB11AF24F4503B9B3A0FB44B64F826072EA9D07754CFBCE546C720
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: QueryPerformanceCounter.KERNEL32 ref: 00007FF7C101CF29
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7C101CF89
                                                                                                                                                                                    • Part of subcall function 00007FF7C101CE00: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7C101CFD9
                                                                                                                                                                                  • GetFileSizeEx.KERNEL32 ref: 00007FF7C0EE4165
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCounterFilePerformanceQueryReleaseSize
                                                                                                                                                                                  • String ID: ..\..\base\files\file_win.cc$GetLength
                                                                                                                                                                                  • API String ID: 870130176-1822068241
                                                                                                                                                                                  • Opcode ID: 7d20dff335bb3ed0df1d23da93880758d6c75023571ae984c38e37753db00413
                                                                                                                                                                                  • Instruction ID: 4e193a702ddf58cadd41a4351bcd87d58d519c91b0ee75c2b4f26f7dc767ea83
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d20dff335bb3ed0df1d23da93880758d6c75023571ae984c38e37753db00413
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF11B13170898681FB61AF29A8157E9A3A0BF84BA8F815031DE8D13B14EE7DE1878750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7C10AA9F1), ref: 00007FF7C106FC6C
                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7C10AA9F1), ref: 00007FF7C106FCAD
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                  • Opcode ID: 5ad9a2e7260239cac5118377ad6587ea1122a789ddd6e2fb2c4436d479ea23c7
                                                                                                                                                                                  • Instruction ID: 3edf77f9982a7563958ba45176fb2f4dfe615825b0722f50d968dc65d7305a6b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ad9a2e7260239cac5118377ad6587ea1122a789ddd6e2fb2c4436d479ea23c7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E118F32628B8582EB219F15F51026AB7E1FB88BA4F994230DF9C07758DF7CD951CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • overflow_error was thrown in -fno-exceptions mode with message "%s", xrefs: 00007FF7C10B9B37
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                  • String ID: overflow_error was thrown in -fno-exceptions mode with message "%s"
                                                                                                                                                                                  • API String ID: 17069307-2656094229
                                                                                                                                                                                  • Opcode ID: 7c351e97509bfc1bd9518450cbded3244fccacf144971ccce5a5482732ffa885
                                                                                                                                                                                  • Instruction ID: 1921401f9dd1d40ee533a429f711e76fd228a9ac697a4375196bf4bf8c08c486
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c351e97509bfc1bd9518450cbded3244fccacf144971ccce5a5482732ffa885
                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F08212E0954A83EB06BF16F9853B8A361AF54FB1FD44031CE0D02760DFAC59CAC360
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000001A.00000002.22793014516.00007FF7C0ED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C0ED0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_26_2_7ff7c0ed0000_onestart.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                  • String ID: GetHandleVerifier
                                                                                                                                                                                  • API String ID: 1646373207-1090674830
                                                                                                                                                                                  • Opcode ID: 18fdafec04d4c3a1df42026052fa72b2e387c83aedea660d467e154bae152191
                                                                                                                                                                                  • Instruction ID: 41ee50e05ae89c6d69579a595d61f1a277e9d6194d2a87b27ac5e7119d83753a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 18fdafec04d4c3a1df42026052fa72b2e387c83aedea660d467e154bae152191
                                                                                                                                                                                  • Instruction Fuzzy Hash: A5013624E0DA1782FB25BF55A46427693616F44F70FC19435D81E433A0DEADE886C365