Windows Analysis Report
as-installer-7.0.2594-web.exe

Overview

General Information

Sample name: as-installer-7.0.2594-web.exe
Analysis ID: 1431891
MD5: 300f31971ebd5be2cc52e0925b8f8776
SHA1: 84d4858f76728b3809402183670b732fee418410
SHA256: bd98e452f417b03919ce232385d4d5022e1fcea9f57de86fafe934c53c117c24

Detection

Score: 39
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

.NET source code contains potential unpacker
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Uses the system / local time for branch decision (may execute only at specific dates)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
  • System is w10x64
  • as-installer-7.0.2594-web.exe (PID: 7504 cmdline: "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe" MD5: 300F31971EBD5BE2CC52E0925B8F8776)
    • as-installer-7.0.2594-web.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe" -burn.unelevated BurnPipe.{D84EEA79-1F13-4715-8116-E5DD7E6F96FB} {86C0AC07-21D7-4C0B-B966-E37DDFE95ADA} 7504 MD5: 300F31971EBD5BE2CC52E0925B8F8776)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
Process Memory Space: as-installer-7.0.2594-web.exe PID: 7524 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
      No Sigma rule has matched
      No Snort rule has matched

      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000559EA DecryptFileW,DecryptFileW,0_2_000559EA
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00076A8B _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_00076A8B
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00055C08 DecryptFileW,0_2_00055C08
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00054C6D CryptHashPublicKeyInfo,_memcmp,_memcmp,GetLastError,0_2_00054C6D
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00054DE0 _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust,0_2_00054DE0
      Source: as-installer-7.0.2594-web.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown HTTPS traffic detected: 52.92.181.152:443 -> 192.168.2.4:49733 version: TLS 1.0
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\License.rtf
      Source: as-installer-7.0.2594-web.exe Static PE information: certificate valid
      Source: as-installer-7.0.2594-web.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007DAF5 _memset,FindFirstFileW,FindClose,0_2_0007DAF5
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007E632 _memset,_memset,GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,0_2_0007E632
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0005568E _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_0005568E

      Networking

      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll, type: DROPPED
      Source: global traffic HTTP traffic detected: GET /atmel-studio/update-info/7.0/update-aws.xml HTTP/1.1 Host: s3-us-west-2.amazonaws.com Connection: Keep-Alive
      Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
      Source: unknown HTTPS traffic detected: 52.92.181.152:443 -> 192.168.2.4:49733 version: TLS 1.0
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007FFA3 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError,0_2_0007FFA3
      Source: global traffic DNS traffic detected: DNS query: s3-us-west-2.amazonaws.com
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.arm.c
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.arm.cLR
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925535464.0000000005394000.00000004.00000800.00020000.00000000.sdmp, License.rtf.1.drString found in binary or memory: http://www.arm.com/products/processors/cortex-m/cortex-microcontr
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925535464.0000000005394000.00000004.00000800.00020000.00000000.sdmp, License.rtf.1.drString found in binary or memory: http://www.arm.com/products/processors/cortex-m/cortex-microcontroller-software-inte
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.arm.com/products/processors/cortex-m/cortex-microcontroller-software-interface-standard.p
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004BC2000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.atmel.com/About/privacy.aspx
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.drString found in binary or memory: http://www.atmel.com/About/privacy.aspx?
      Source: License.rtf.1.drString found in binary or memory: http://www.boost.org/users/license.html
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.boost.org/users/license.html:
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.boost.org/users/license.htmlLR
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.o
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.oLR
      Source: License.rtf.1.drString found in binary or memory: http://www.gnu.org/licenses/gpl.html
      Source: License.rtf.1.drString found in binary or memory: http://www.gnu.org/licenses/lgpl.html
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlLR
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/lgpl.htmla
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/lgpl.htmld
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlo
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlt
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlv
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/Bootstrapp
      Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr, Configuration.xml.1.drString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.drString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd#Configuration.xml
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004646000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd$
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AccentColor
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AccentContrastColor
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AnotherInstallationRunning
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AppSecret
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:BackupDir
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:BackupDirVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ConnectionStringVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:CreateDatabase
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Culture
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DataDir
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DataDirVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DatabaseNameVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DefaultSystemCulture
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DetailCheck
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ExcelVersion
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:FeatureU:Required
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Finish
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:FinishError
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:FolderValidation
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Help
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:HelpUiSequence
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:HelpUiSequence0
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:IISVersion
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:IISVersion_Pkgmgr
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InputMaskSectionLength
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InputMaskSectionNo
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallDir
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallDirVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallMetrics
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallUiSequence
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallWelcome
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstanceNameVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:IntegratedSecurityVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:;Read37_Laika42W
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:ika42.com/Bootst
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:l
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper;
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchCommand
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchCommandl
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchProductEnabled
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LayoutUiSequence
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LayoutWelcome
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:License
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseAssembly
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseClassWithNamespace
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseStringVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseValidation
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LogDir
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LogDirVariable
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:MaintenanceUiSequence
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:MaintenanceWelcome
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:NewerVersionInstalled
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:NewerVersionInstalledUiSequence
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:OleDbProvider
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.7z9
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.7zN
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000457F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/asf-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.7zd
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.msi4z
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.msible=
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.msi_SAMPACKS
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32toolchain-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32toolchain-7.0.2594.7zXzN
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32toolchain-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.msiq
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrq
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrtoolchain-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrtoolchain-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-atmel-installer-x64-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-atmel-installer-x86
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-atmel-installer-x86-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-libusb0-installer-x64-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-libusb0-installer-x86-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-mplabcomm-installer-7.0.2594.exe
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-segger-installer-x64-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-segger-installer-x86-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-winusb-installer-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/sampacks-7.0.2594.7z
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/sampacks-7.0.2594.msi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/sampacks-7.0I
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/VS14-KB3095681-14.0.23317.0.exe
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/dotnetfx-4.0.30319.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1734101362.000000000B7D5000.00000004.00000020.00020000.00000000.sdmp, AS_20240425230623.log.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/update-info/7.0/update-aws.xml
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/vcredist_x86-10.0.30319.01.exe
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/visual-studio-isolated-shell-14.0.23107.10.exe
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drString found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/xc8-installer-v2.36-win.x64.exe
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: https://www.digicert.com/CPS0
      Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microchip.com
      Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microchip.com/mplab/avr-support/atmel-studio-7
      Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.drString found in binary or memory: https://www.microchip.com/mplab/compilers?utm_source=StudioXC8&utm_medium=Install&utm_campaign=Studi
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.microchip.comZ
      Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 00076473 appears 484 times
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 0007C9A2 appears 74 times
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 00077258 appears 655 times
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 0007A845 appears 51 times
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 00077731 appears 34 times
      Source: as-installer-7.0.2594-web.exe Binary or memory string: OriginalFilename vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.MVVM.dll< vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.License.Core.dllD vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Interactivity.dll\ vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928838570.00000000073E4000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenameXeam.DummyLicenseValidator.dllX vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.UI.dll< vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929697734.0000000007720000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Interactivity.dll\ vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1674480224.0000000006D35000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMsMpLics.dllj% vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006B70000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilenameXeam.VisualInstaller.dlld! vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamembahost.dll\ vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.Documents.dll< vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.UI.dll< vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926431928.00000000069FE000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilenameXeam.VisualInstaller.Data.dllT vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenameBootstrapperCore.dll\ vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929250273.000000000747E000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenameXeam.VisualInstaller.SystemValidation.dlll& vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.UI.dll< vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1674361218.0000000006D1C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMsMpLics.dllj% vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929137519.0000000007460000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameas-bootstrapper.Ui.dllR vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Interactivity.dll\ vs as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: Xeam.VisualInstaller.dll.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.IncrementDownloadAttemptsAndChangeDownloadMethod
      Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.ParseProtocolFromUrl
      Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.SetWinINet
      Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.SetDownloadUrl
      Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.SetBits
      Source: Xeam.VisualInstaller.dll.1.dr, Package.cs Suspicious method names: .Package.GetPayloadByIdAddIfNotFound
      Source: Xeam.VisualInstaller.dll.1.dr, Package.cs Suspicious method names: .Package.GetPayloadById
      Source: classification engine Classification label: sus39.troj.evad.winEXE@3/44@1/1
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007A89B FormatMessageW,GetLastError,LocalFree,0_2_0007A89B
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00041248 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,0_2_00041248
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007C6FF GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,0_2_0007C6FF
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00061C75 ChangeServiceConfigW,GetLastError,0_2_00061C75
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Mutant created: NULL
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\
      Source: as-installer-7.0.2594-web.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: icenseInfo>true</ShowLicenseInfo> </InstallWelcome> <LayoutWelcome> <ShowLicenseInfo>false</ShowLicenseInfo> </LayoutWelcome> <Finish> <ShowLaunchProduct>true</ShowLaunchProduct> <LaunchProductEnabled>
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: rue</LaunchProductEnabled> <LaunchCommand>[INSTALLDIR]\Product.exe</LaunchCommand> </Finish> <SqlServerConnection> <ConnectionStringVariable>SQLCONNECTIONSTRING</ConnectionStringVariable> <QueryDatabase>true</Qu
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: r/> </InstallUiSequence> <!-- Layout/Administrative image sequence--> <LayoutUiSequence> <LayoutWelcome/> <!-- additional pages go here --> <Progress/> <Finish/> <FinishError/> </LayoutUiSequence>
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: Color>#ffffffff</AccentContrastColor>--> <Transition>LeftSlide</Transition> <Pages> <InstallWelcome> <InstallDirVariable>INSTALLDIR</InstallDirVariable> <ShowInstallDirSelection>true</ShowInstallDirSelection> <Show
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: ilable/>--> <InstallWelcome /> <!--<SystemValidation />--> <!--<LicenseValidation/>--> <!--<SqlServerConnection/>--> <!--<PathSelection/>--> <Progress/> <Finish/> <FinishError/> </InstallUiSequence>
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: ttp://www.xeam-solutions.com/products/visual-installer.html
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: /LicenseValidation> <PathSelection> <InstallDirVariable>INSTALLDIR</InstallDirVariable> <DataDirVariable>DATADIR</DataDirVariable> <BackupDirVariable>BACKUPDIR</BackupDirVariable> <LogDirVariable>LOGDIR</LogDirVaria
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: <LaunchCommand>[INSTALLDIR]\Product.exe</LaunchCommand> </Finish> <!-- sql server connection is not available in light version --> <SqlServerConnection> <ConnectionStringVariable>SQLCONNECTIONSTRING</ConnectionStringVaria
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: S</Culture> <ThemeColor>Xeam</ThemeColor> <Pages> <InstallWelcome> <InstallDirVariable>INSTALLDIR</InstallDirVariable> <ShowInstallDirSelection>true</ShowInstallDirSelection> <ShowLicenseInfo>true</ShowLicenseInfo>
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: http://www.xeam-solutions.com/products/visual-installer.html
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: </InstallWelcome> <LayoutWelcome> <ShowLicenseInfo>true</ShowLicenseInfo> </LayoutWelcome> <Finish> <ShowLaunchProduct>true</ShowLaunchProduct> <LaunchProductEnabled>true</LaunchProductEnabled>
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://atmel-studio-metrics.s3-website-us-west-2.amazonaws.com/v2.0/installer-send-metrics-time
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: /as-bootstrapper.Ui;component/integratedpages/installnotepage.xaml
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://atmel-studio-metrics.s3-website-us-west-2.amazonaws.com/v2.0/installer-send-metrics
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: as-installer-
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: integratedpages/installwelcomepage.baml
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: https://microchipsupport.force.com/s/article/Fix-Atmel-Studio-installation-error-The-older-version-of-Product-Name-cannot-be-remov
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: integratedpages/installnotepage.baml
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: https://microchipsupport.force.com/s/article/Fix-Atmel-Studio-installation-error-There-is-a-problem-with-this-Windows-Installer-pa
      Source: as-installer-7.0.2594-web.exe String found in binary or memory: /as-bootstrapper.Ui;component/integratedpages/installwelcomepage.xaml
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: <UDWixBundleLayoutDirectoryFailed to initialize engine state.Failed to initialize COM.Failed to initialize Cryputil.Failed to initialize Regutil.Failed to initialize Wiutil.Failed to initialize XML util.engine.cppFailed to get OS info.3.9.1006.0Failed to initialize core.Failed to run per-user mode.Failed to run per-machine mode.Failed to run embedded mode.Failed to run RunOnce mode.Invalid run mode.txt_FailedSetupFailed to initialize engine section.Failed to open log.Failed to initialize internal cache functionality.Failed to create pipes to connect to elevated parent process.Failed to connect to elevated parent process.Failed to check global conditionsFailed to create the message window.Failed to query registration.Failed to set action variables.Failed to set registration variables.Failed to set layout directory variable to value provided from command-line.Failed while running Failed to create implicit elevated connection name and secret.Failed to launch unelevated process.Failed to connect to unelevated process.Failed to allocate thread local storage for logging.Failed to set elevated pipe into thread local storage for logging.Failed to pump messages from parent process.Failed to connect to parent of embedded process.Failed to run bootstrapper application embedded.Unable to get resume command line from the registryFailed to get current process path.Failed to re-launch bundle process after RunOnce: %lsFailed to create engine for UX.Failed to load UX.Failed to start bootstrapper application.Unexpected return value from message pump.Failed to get process token.SeShutdownPrivilegeFailed to get shutdown privilege LUID.Failed to adjust token to add shutdown privileges.Failed to schedule restart.
      Source: as-installer-7.0.2594-web.exeString found in binary or memory: 2020 Microchip Technology, Inc.d<OriginalFilenameas-installer-7.0.2594-web.exeD"ProductNameMicrochip Studio8
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile read: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
      Source: unknownProcess created: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe"
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeProcess created: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe" -burn.unelevated BurnPipe.{D84EEA79-1F13-4715-8116-E5DD7E6F96FB} {86C0AC07-21D7-4C0B-B966-E37DDFE95ADA} 7504
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: cabinet.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msxml3.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: apphelp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wintypes.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: srclient.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: spp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: powrprof.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: vssapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: vsstrace.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: umpdc.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: cabinet.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msxml3.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: feclient.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: iertutil.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wintypes.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: mscoree.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: amsi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: gpapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dwrite.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msvcp140_clr0400.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: urlmon.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: srvcli.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: netutils.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: sspicli.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: propsys.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: d3d9.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: d3d10warp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: wtsapi32.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: winsta.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: powrprof.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: umpdc.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: textshaping.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dataexchange.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: d3d11.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dcomp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dxgi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: twinapi.appcore.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: resourcepolicyclient.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dxcore.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: msctfui.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: uiautomationcore.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: winmm.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: d3dcompiler_47.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: sxs.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: explorerframe.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: rasapi32.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: rasman.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: rtutils.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: mswsock.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: winhttp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dhcpcsvc.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: winnsi.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: secur32.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: schannel.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeSection loaded: windowscodecs.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: as-installer-7.0.2594-web.exeStatic PE information: certificate valid
      Source: as-installer-7.0.2594-web.exeStatic file information: File size 2333360 > 1048576
      Source: as-installer-7.0.2594-web.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: as-installer-7.0.2594-web.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: as-installer-7.0.2594-web.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: as-installer-7.0.2594-web.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: as-installer-7.0.2594-web.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: as-installer-7.0.2594-web.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: as-installer-7.0.2594-web.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller\obj\Release\Xeam.VisualInstaller.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.Documents\obj\Release\Xeam.Base.Documents.pdb3 source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: C:\src\wix39\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.1.dr
      Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.MVVM\obj\Release\Xeam.Base.MVVM.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: $^q!costura.xeam.license.core.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.UI\obj\Release\Xeam.Base.UI.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: xeam.base.ui9costura.xeam.base.ui.dll.zip9costura.xeam.base.ui.pdb.zip/xeam.license.activationOcostura.xeam.license.activation.dll.zipOcostura.xeam.license.activation.pdb.zip#xeam.license.coreCcostura.xeam.license.core.dll.zipCcostura.xeam.license.core.pdb.zip3xeam.visualinstaller.dataScostura.xeam.visualinstaller.data.dll.zipScostura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: {0}.{1}!bootstrappercoreAcostura.bootstrappercore.dll.zip9system.windows.interactivityYcostura.system.windows.interactivity.dll.zip'xeam.base.documentsGcostura.xeam.base.documents.dll.zipGcostura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.Data\obj\Release\Xeam.VisualInstaller.Data.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, Xeam.VisualInstaller.Data.dll.1.dr
      Source: Binary string: costura.xeam.base.mvvm.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: costura.xeam.license.activation.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: C:\src\wix39\build\ship\x86\burn.pdb source: as-installer-7.0.2594-web.exe
      Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.SystemValidation\obj\Release\Xeam.VisualInstaller.SystemValidation.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr
      Source: Binary string: costura.xeam.base.ui.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: c:\a\src\laika42\License\Rel_v1\Laika42.License.Core\obj\Release\Xeam.License.Core.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: costura.xeam.license.core.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: c:\a\src\laika42\License\Rel_v1\Laika42.License.Core\obj\Release\Xeam.License.Core.pdb`\~\ p\_CorDllMainmscoree.dll source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: $^q#costura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: $^q)costura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: costura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: $^q'costura.xeam.license.activation.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.DummyLicenseValidator\obj\Release\Xeam.DummyLicenseValidator.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2928811138.00000000073E2000.00000002.00000001.01000000.0000000F.sdmp, Xeam.DummyLicenseValidator.dll.1.dr
      Source: Binary string: xeam.base.mvvm=costura.xeam.base.mvvm.dll.zip=costura.xeam.base.mvvm.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2929697734.0000000007720000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.Documents\obj\Release\Xeam.Base.Documents.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: c:\src\wix39\build\obj\ship\x86\core\BootstrapperCore.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.1.dr
      Source: Binary string: C:\src\wix39\build\ship\x86\mbahost.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.1.dr
      Source: Binary string: costura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
      Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.SystemValidation\obj\Release\Xeam.VisualInstaller.SystemValidation.pdb8 source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr
      Source: Binary string: C:\Jenkins_MCU\workspace\as-bootstrapper\bootstrapper\vsproj\as-bootstrapper.Ui\obj\External\as-bootstrapper.Ui.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr
      Source: as-installer-7.0.2594-web.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: as-installer-7.0.2594-web.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: as-installer-7.0.2594-web.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: as-installer-7.0.2594-web.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: as-installer-7.0.2594-web.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

      Data Obfuscation

      Source: Xeam.VisualInstaller.dll.1.dr, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
      Source: Yara matchFile source: Process Memory Space: as-installer-7.0.2594-web.exe PID: 7524, type: MEMORYSTR
      Source: as-installer-7.0.2594-web.exeStatic PE information: section name: .wixburn
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0006D235 push ecx; ret 0_2_0006D248
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0658ADED push cs; iretd 1_2_0658AFB8
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0658750D push cs; ret 1_2_06587510
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_06A85428 push D00A0000h; retn 0000h1_2_06A8543C
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_06A853EC push D00A0000h; retn 0000h1_2_06A85400
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_06A8A6E0 push D00A0000h; retf 1_2_06A8A6EC
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_06A8A6A4 push D00A0000h; retf 1_2_06A8A6B0
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_06A8A79C push D00A0000h; iretd 1_2_06A8A7A8
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0742D962 pushfd ; retf 1_2_0742D971
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0742DD7B push es; ret 1_2_0742DD7E
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_6CB06295 push ecx; ret 1_2_6CB062A8
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0432C348 push es; ret 1_2_0432C7BF
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0432DB1A push es; ret 1_2_0432DFEF
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_043287F9 push 8BD08B6Dh; iretd 1_2_043287FE
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_04327240 push es; ret 1_2_043271F6
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_04328896 push 8BD08B6Dh; iretd 1_2_0432889B
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_073FEB1F pushad ; retf 1_2_073FEB39
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_07493432 push esp; retf 1_2_074933F1
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_074933E2 push esp; retf 1_2_074933F1
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_07492F43 pushfd ; iretd 1_2_07492F59
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_07492F1A pushad ; iretd 1_2_07492F29
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_07497ED6 push 98074A74h; ret 1_2_07497EED
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_0D86A211 push cs; ret 1_2_0D86A224
      Source: as-bootstrapper.Ui.dll.1.drStatic PE information: section name: .text entropy: 6.9819931849185375
      Source: Xeam.VisualInstaller.dll.1.drStatic PE information: section name: .text entropy: 7.714424216601625
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\License.rtf
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0006C250 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0006C250
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeMemory allocated: 32E0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeMemory allocated: 4350000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeMemory allocated: 6350000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeWindow / User API: threadDelayed 1618Jump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeWindow / User API: threadDelayed 457Jump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dllJump to dropped file
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeEvaded block: after key decision
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_00076EEC GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00076F87h0_2_00076EEC
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_00076EEC GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00076F80h0_2_00076EEC
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeFile Volume queried: \Device\CdRom0\ FullSizeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0007DAF5 _memset,FindFirstFileW,FindClose,0_2_0007DAF5
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0007E632 _memset,_memset,GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,0_2_0007E632
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0005568E _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_0005568E
      Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2931365701.000000000B743000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.2080142318.000000000B743000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1726808051.000000000B743000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1843926962.000000000B743000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeAPI call chain: ExitProcess graph end node
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_000701F5 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_000701F5
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_00077883 GetProcessHeap,RtlAllocateHeap,0_2_00077883
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0006D158 SetUnhandledExceptionFilter,0_2_0006D158
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0006D189 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0006D189
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 1_2_6CB0611B SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6CB0611B
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeMemory allocated: page read and write | page guardJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_00079513 _memset,_memset,_memset,_memset,_memset,_memset,InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_00079513
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0007D116 AllocateAndInitializeSid,CheckTokenMembership,0_2_0007D116
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeCode function: 0_2_0006D5E4 cpuid 0_2_0006D5E4
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: \Device\CdRom0\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00050F94 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,0_2_00050F94
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007F978 GetSystemTimeAsFileTime,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_0007F978
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00042C05 GetUserNameW,GetLastError,0_2_00042C05
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000824CF GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_000824CF
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00041BFB _memset,_memset,CoInitializeEx,GetModuleHandleW,GetVersionExW,GetLastError,CoUninitialize,0_2_00041BFB
      Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
      | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (2) | DLL Side-Loading (1) | DLL Side-Loading (1) | Disable or Modify Tools (1) | OS Credential Dumping | System Time Discovery (12) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (2) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
      | Credentials | Domains | Default Accounts | Command and Scripting Interpreter (2) | Windows Service (1) | Access Token Manipulation (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Encrypted Channel (21) | Exfiltration Over Bluetooth | Network Denial of Service |
      | Email Addresses | DNS Server | Domain Accounts | Service Execution (1) | Logon Script (Windows) | Windows Service (1) | Obfuscated Files or Information (3) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact |
      | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Process Injection (2) | Software Packing (12) | NTDS | System Information Discovery (25) | Distributed Component Object Model | Input Capture | Application Layer Protocol (3) | Traffic Duplication | Data Destruction |
      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | DLL Side-Loading (1) | LSA Secrets | Query Registry (1) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Virtualization/Sandbox Evasion (1) | Cached Domain Credentials | Security Software Discovery (31) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Access Token Manipulation (1) | DCSync | Virtualization/Sandbox Evasion (1) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
      | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Process Injection (2) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
      | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
      | Source | Detection | Scanner | Label | Link |
      | --- | --- | --- | --- | --- |
      | as-installer-7.0.2594-web.exe | 0% | ReversingLabs | | |

      | Source | Detection | Scanner | Label | Link |
      | --- | --- | --- | --- | --- |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dll | 0% | ReversingLabs | | |
      No Antivirus matches
      No Antivirus matches
      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
      | --- | --- | --- | --- | --- | --- |
      | s3-us-west-2.amazonaws.com | 52.92.181.152 | true | false | | high |
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://defaultcontainer/Xeam.Base.UI;component/Styles/Colours.xamldas-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        low
                                                        http://test.laika42.com/update/testsetup.exeas-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.laika42.com/BootstrapperConfiguration.xsd:QueryDatabaseas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.microchip.comLRas-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.gnu.org/licenses/lgpl.htmlLicense.rtf.1.drfalse
                                                          high
                                                          http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchProductEnabledas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.laika42.com/BootstrapperConfiguration.xsd:UIas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://foo/bar/styles/controls.bamlas-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          low
                                                          http://foo/bar/styles/controls.bamldas-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          low
                                                          http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:DownloadSizeas-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://microchipsupport.force.com/s/article/Atmel-Studio-intallation-error-specified-account-existsas-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.drfalse
                                                            high
                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper;as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseClassWithNamespaceas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://imr.xeam-solutions.com/receiver.aspxXeam.VisualInstaller.dll.1.drfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchCommandlas-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:TempDirVariableas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://schemas.xmlsoap.org/wsdl/as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.laika42.com/BootstrapperConfiguration.xsd:SendMetricsDefaultas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://schemas.datacontract.org/2004/07/Laika42.Base.DocumentsXeam.VisualInstaller.dll.1.drfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0::False:as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.atmel.com/About/privacy.aspxas-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004BC2000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.laika42.com/BootstrapperConfiguration.xsd:InstallMetricsas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.laika42.com/BootstrapperConfiguration.xsd:DataDiras-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.laika42.com/BootstrapperConfiguration.xsd:DatabaseNameVariableas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.laika42.com/BootstrapperConfiguration.xsd:InstallDirVariableas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.boost.org/users/license.html:as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.laika42.com/BootstrapperConfiguration.xsd:AccentContrastColoras-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapperas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:Descriptionas-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://dotnetzip.codeplex.com/licenseLRas-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.microchip.com/mplab/compilers?utm_source=StudioXC8&utm_medium=Install&utm_campaign=Studias-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.drfalse
                                                                      high
                                                                      https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.7zas-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drfalse
                                                                        high
                                                                        http://foo/bar/styles/controls.scrollbars.bamldas-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        low
                                                                        http://www.laika42.com/BootstrapperConfiguration.xsd:FinishErroras-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-libusb0-installer-x64-7.0.2594.msias-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drfalse
                                                                          high
                                                                          http://www.laika42.com/BootstrapperConfiguration.xsd:OutlookVersionas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://s3-us-west-2.amazonaws.com/atmel-studio/visual-studio-isolated-shell-14.0.23107.10.exeas-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drfalse
                                                                            high
                                                                            http://Laika42.License.LicenseInfoObjectas-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:InstanceNameVariableas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:LayoutWelcomeas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:Descrias-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B979000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.laika42.com/BootstrapperConfiguration.xsd$as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004646000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.laika42.com/BootstrapperConfiguration.xsd:ShowSendMetricsas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.wixtoolset.orgas-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.drfalse
                                                                              high
                                                                              http://www.laika42.com/BootstrapperConfiguration.xsd:VisioVersionas-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://s3-us-west-2.amazonaws.com/atmel-studio/7as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.laika42.com/BootstrapperConfiguration.xsd#Configuration.xmlas-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:las-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-segger-installer-x64-7.0.2594.msias-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drfalse
                                                                                  high
                                                                                  http://cs-g2-crl.thawte.com/ThawteCSG2.crl0as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://crl.thawte.com/ThawteTimestampingCA.crl0as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.drfalse
                                                                                      high
                                                                                      https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.7zas-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.drfalse
                                                                                        high
IP:52.92.181.152
Domain:s3-us-west-2.amazonaws.com
Country:United States
ASN:16509
ASN Name:AMAZON-02US
Malicious:false
                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                        Analysis ID:1431891
                                                                                        Start date and time:2024-04-25 23:05:33 +02:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 7m 51s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:7
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:as-installer-7.0.2594-web.exe
                                                                                        Detection:SUS
                                                                                        Classification:sus39.troj.evad.winEXE@3/44@1/1
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 100%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 99%
                                                                                        • Number of executed functions: 200
                                                                                        • Number of non-executed functions: 263
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        • VT rate limit hit for: as-installer-7.0.2594-web.exe
                                                                                        No simulations
                                                                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-full.exe | malicious | Unknown
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-web.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-full.exe | malicious | Unknown
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-web.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-full.exe | malicious | Unknown
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-web.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-full.exe | malicious | Unknown
• https://ww1.microchip.com/downloads/aemDocuments/documents/DEV/ProductDocuments/SoftwareTools/as-installer-7.0.2594-web.exe | malicious | Unknown
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                        Category:modified
                                                                                                        Size (bytes):15545
                                                                                                        Entropy (8bit):5.414474179784581
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:b5kkvXKKzq12fJN1uFC6PLDZ7T8ZcdPqPUPe5POI7iIRuEctWGzmMiUXzKiiiiiU:3+SsYmPiENRbvr2
                                                                                                        MD5:FB3F58F9181F2258790D073930271E7C
                                                                                                        SHA1:D4ED20790B62821DAE9410E84458DD5F5EAE0E3F
                                                                                                        SHA-256:3C120820C4DF17B85DAE3C259B4A34891DD6BB9C92E8729D54B7C209D70DA7B8
                                                                                                        SHA-512:118EB92DBD77D000B9EFA35030BEB2E60C10986E55DD486603AC715A9F2C40E2D0EE3420CEAD5B7A4AB460C55FD8B6CF985939C8ED03A36DCD1C55FA51535BDB
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:[1D64:1D68][2024-04-25T23:06:23]i001: Burn v3.9.1006.0, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe, cmdline: '-burn.unelevated BurnPipe.{D84EEA79-1F13-4715-8116-E5DD7E6F96FB} {86C0AC07-21D7-4C0B-B966-E37DDFE95ADA} 7504 '..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing string variable 'INSTALLDIR' to value '[ProgramFilesFolder]Atmel\Studio\'..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing numeric variable 'AVRSELECTED' to value '1'..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing numeric variable 'XC8SELECTED' to value '1'..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing string variable 'XC8COMMAND' to value ''..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing numeric variable 'AVR32SELECTED' to value '1'..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing numeric variable 'SAMSELECTED' to value '1'..[1D64:1D68][2024-04-25T23:06:23]i000: Initializing numeric variable 'ASFSELECTED' to value '1'..[1D64:1D68][2024
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2167
                                                                                                        Entropy (8bit):6.2095335843460155
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6Kk0AT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:nSrT2RJhfHP8+VYuTmQUc2mE
                                                                                                        MD5:62A014E7A1A170EDFDE6EB539588CA88
                                                                                                        SHA1:874667A898A911B3200D2D8E1DC539897D326D7C
                                                                                                        SHA-256:106555DD49231FFB9FAB7E74043D3874448894782DC216C3FDD341ABDD050146
                                                                                                        SHA-512:C7A572006592CC98545DEC1A520C355AA2AA15A2AD042798054C13463986A6FEE3E63A0FB79FAAD9F119553232761A008C72A94C6CD23AF23A4912B1B12E5B73
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="zh-tw" Language="1028" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName] ...... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive | /quiet - ...... UI ............ UI ... ........... UI ........../norestart - .............
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2600
                                                                                                        Entropy (8bit):5.364886431990656
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkcZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:nSqTK23f33AwIViRrRynRuZfiMS
                                                                                                        MD5:919854D3A8415386D0DA32DF164BD5FC
                                                                                                        SHA1:68EE641E22BDB46B7F311C90A65190A15AB466F4
                                                                                                        SHA-256:AE9F8E1A8856B18BACF51A7D9B949AF6AE7BEF4631479709B8AAAC17DD0410B1
                                                                                                        SHA-512:80F0DEC696C460F7F93918963DCE733650EE1224653CC54B45ABE5DACE3CCE77C9C10365C45936AC7CAD36E3A9A85E3249E4B5DD7F6FE432B18B4FEC97956C62
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="cs-cz" Language="1029" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalace produktu [WixBundleName]</String>.. <String Id="Title">Pro instalaci produktu [WixBundleName] je vy.adov.no rozhran. Microsoft .NET Framework.</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/passive | /quiet - Zobraz. minim.ln. u.ivatelsk. rozhran. bez jak.chkoli.. v.zev, nebo nezobraz. ..dn. u.ivatelsk. rozhran. ani ..dn. v
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2428
                                                                                                        Entropy (8bit):5.086179508185684
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkNrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:nSpTOkaEOiGd/BwF
                                                                                                        MD5:AA3E13A2DAA064E8DA8CF2F4ACC25900
                                                                                                        SHA1:A3557D6F5610BE69BEA916264DC669CB7C6A72B2
                                                                                                        SHA-256:90680E9500A2014137D92EA0988B92EC34648D6826F18C9646A318E26BD1A511
                                                                                                        SHA-512:8DBF2931DD5FB5C4A41A019BA36FF38964ACBBFB14495E61085840B170AED2B5814ED905637990003FB0758249FA89898BC0A054B77374F7D36AB587E3B9B3F2
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="da-dk" Language="1030" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation af [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework skal v.re installeret i forbindelse med Installationen af [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Er du sikker p., at du vil annullere?</String>.. <String Id="HelpHeader">Hj.lp til installation</String>.. <String Id="HelpText">/passive | /quiet - viser en minimal brugergr.nseflade uden prompter eller.. viser ingen brugergr.nseflade og ingen prompter... Bruge
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2534
                                                                                                        Entropy (8bit):5.1039532850773135
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkXST8Cwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:nSiTcitGeVB97+gyC9BdaSD
                                                                                                        MD5:8F20F95B91954ED6DA50324F870DD5FB
                                                                                                        SHA1:59C1664F9562870C34C896D24F4543A94000A013
                                                                                                        SHA-256:19690C6F750082042121D3D3FD23CAAC94732566A411FA45287AE772A5724064
                                                                                                        SHA-512:09F80FD674A2C43810D7C5B36781787A5C3136932383ACA0E0BA04CCBFB72FD58BDCFDB86F9721600986A56948A078151E20165706A261F011E661265890FD88
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="de-de" Language="1031" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-Setup</String>.. <String Id="Title">F.r das [WixBundleName]-Setup ist Microsoft .NET Framework erforderlich.</String>.. <String Id="ConfirmCancelMessage">Sind Sie sicher, dass Sie den Vorgang abbrechen m.chten?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne.. Eingabeaufforderungen oder keine Benutzeroberfl.che und keine.. Eingabeaufforderungen an. Standar
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3542
                                                                                                        Entropy (8bit):5.32700535434954
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkPjVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:nSP5TCyop5riGzH7xgJit8IqSsBwqk
                                                                                                        MD5:9C21E76357218D33613174538EEA4120
                                                                                                        SHA1:A117893B9732905CB8DE90648CE91DAD20C6BE40
                                                                                                        SHA-256:166801EFF4A826BF1B50CD24C0BE4B51717CC2B00F793FBC8CD8AB4B9AD6730B
                                                                                                        SHA-512:AC115D3323CBDD51DFE0FA0E65CECEF30A0777B8A287A27A7D57AE3234E9940C7BAFC1A86B6034775FE58988060F7888F7D34BC1B0D794D308739047B1792E12
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="el-gr" Language="1032" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">........... ... [WixBundleName]</String>.. <String Id="Title">... ... ........... ... [WixBundleName] .......... .. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">..... ....... ... ...... .. ..... .......;</String>.. <String Id="HelpHeader">....... ... ... ...........</String>.. <String Id="HelpText">/passive | /quiet - ......... ....
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2377
                                                                                                        Entropy (8bit):5.1612245815823705
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6Kkf+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:nS2TDkZ7+2IBCht6J8neHs
                                                                                                        MD5:D16DA30005059D92E295C50D145AA066
                                                                                                        SHA1:D0D2C1CF61918CE7FDF180167507A39A0341ECAF
                                                                                                        SHA-256:3DBD6BC3779F577AF30EE5005581F5C0B1C503F859502BE076CE49A15F73DE55
                                                                                                        SHA-512:B26468FE2C5CF7E08CD3721B512FC34CABE63D23EEC46EA261FE48093F61FA28D8DE88D219F62C2BA112B4EC94D1FFA004E61329BF63D47F81958060E024A7E9
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="fi-fi" Language="1035" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] -asennus</String>.. <String Id="Title">Microsoft .NET Framework tarvitaan [WixBundleName] -asennusta varten</String>.. <String Id="ConfirmCancelMessage">Haluatko varmasti peruuttaa?</String>.. <String Id="HelpHeader">Asennusohjelman ohje</String>.. <String Id="HelpText">/passive | /quiet - n.ytt.. mahdollisimman v.h.n k.ytt.liittym.st.; ei.. kehotteita tai ei k.ytt.liittym.. ja kehotteita. Oletusarvoisesti.. k.ytt.liittym. ja kaikki keho
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2448
                                                                                                        Entropy (8bit):5.096785094280087
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KklBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:nSrTK5KHsijmEXY
                                                                                                        MD5:C3B54DF5EC1503888ABF1D4153C0A789
                                                                                                        SHA1:10FF40E981F898401DB1828D9C6879D9F0D1E793
                                                                                                        SHA-256:C5F1D0966EF658437B9C47056C01B479A988339593C7416A4E5A35417D44E7AB
                                                                                                        SHA-512:0FA136BC0C42A657192DD3DDC0C406D6457028F3B44FD2E6F2CFB554E5FC71E391A387DE85FAD78595F0AE8E04D4C3655222A3C016B19DE95F94B8979DD728A8
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="fr-fr" Language="1036" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework requis pour l'installation de [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.tes-vous s.r de vouloir annuler.?</String>.. <String Id="HelpHeader">Aide de l'installation</String>.. <String Id="HelpText">/passive | /quiet - affiche une interface minimale sans invites ou n'affiche.. aucune interface ni aucune invite. Par d.faut, l'interface et toutes les.. invites son
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2534
                                                                                                        Entropy (8bit):5.311618857760624
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkXzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:nSDT2wpFGbgT3wMN2QRj/y/LKr
                                                                                                        MD5:F40A084C4B41D752A5C518D62ABD12E2
                                                                                                        SHA1:EAD4D83879715B2EB9A00E2196406E0F3459B7D7
                                                                                                        SHA-256:43E00163C060A09C66AE65BDABD5A9943C55BBE8D11F8DDF95BA20008A605075
                                                                                                        SHA-512:D2E8C7D488AD5A7DD51A12C3ABFBC90693B1488EAF72B9B9581D05CBF2E307D114A058A1F66AC4A33C66B22E329F6134F9D3E3B9DA9BC2EDC892A9FA3A47F19B
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="hu-hu" Language="1038" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] telep.t.</String>.. <String Id="Title">A(z) [WixBundleName] telep.t.s.hez Microsoft .NET-keretrendszer sz.ks.ges</String>.. <String Id="ConfirmCancelMessage">Biztosan megszak.tja?</String>.. <String Id="HelpHeader">A telep.t. s.g.ja</String>.. <String Id="HelpText">/passive | /quiet - Minim.lis felhaszn.l.i fel.let megjelen.t.se k.rd.sek.. n.lk.l, illetve felhaszn.l.i fel.let .s k.rd.sek megjelen.t.se n.lk.li.. telep.t.
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2446
                                                                                                        Entropy (8bit):5.011171072578484
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6Kk/yT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:nSqTzLtkfwWKXHZi37MIDp
                                                                                                        MD5:F7ABA1307DA91170E6E130E4F4B7E78C
                                                                                                        SHA1:481EB0BD170BC778F97EC6A96E45722711F3500E
                                                                                                        SHA-256:AD4CF22947472FFD62F5E854BC3C0F6CF3439CC2C321C2BD3A1A2A6E167A53F6
                                                                                                        SHA-512:9D3740C9996309F4A703329D7C992035309E8562E6BC687EEAC738B12A57D13D05F6AA4BA456F99068B5C7AE88DC5FB2B9D2B946BB389DFB8A3896F37B8CA47E
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="it-it" Language="1040" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework necessario per l'installazione di [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida dell'installazione</String>.. <String Id="HelpText">/passive | /quiet - visualizza l'interfaccia utente minima senza istruzioni.. oppure non visualizza n. l'interfaccia utente n. le istruzioni. Per.. impostazione predefinita vengono visu
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2687
                                                                                                        Entropy (8bit):5.939804509142772
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkCcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:nSuTccOFw6tnOUjsjpICnlOO934apWz
                                                                                                        MD5:14A1279359281B86936E9BD3921829DF
                                                                                                        SHA1:DD1D1DC599900FBE3AB70B8F5938A285C050AE18
                                                                                                        SHA-256:13635769DB1F48F0E5226721268B0FF2BA3F8B391DA13D877C9CAAE08D4C58C1
                                                                                                        SHA-512:EA47F6CC219110BF7AC47C4D72C5AD5A91BCAC87C1CFE628E7C750FF8AFDD267D5C14AF2A8806B50213C48CCAFD06A8B154CA837A95DB5199482E0177E26120F
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="ja-jp" Language="1041" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ......</String>.. <String Id="Title">[WixBundleName] ........ Microsoft .NET Framework .....</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/passive | /quiet - ... UI ....................UI.. .............. .....UI .
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2378
                                                                                                        Entropy (8bit):5.9743116260052584
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkIsT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:nSXTXvRFhIzl44wmgko04U5TY
                                                                                                        MD5:4D530FBCD8A7CF63A60D2D2E79C7880E
                                                                                                        SHA1:6309B0DB699139C7AD04ACA96A353D84747A3B0A
                                                                                                        SHA-256:00A5F823904E2D6849BB82F2170E798EB33898317FEC7C39E2AAC2452B900667
                                                                                                        SHA-512:820E15E4AFDDC921B9657A6E9D4BB3453AF788CFA74288C0E2D5669860294F6E35233FC66AE71D23C4566F435A6B5F6EA5CE25B648F40564A133BF900FB36E26
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="ko-kr" Language="1042" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] ... ... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/passive | /quiet - ... .. .. UI. ..... UI. .... .... .... ..... ..... UI . .. .... ........../norestart - ..
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2454
                                                                                                        Entropy (8bit):4.990722011619008
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6Kkx1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:nSHTtpGLFSwJHmPnnKhEBtsl
                                                                                                        MD5:D82150BEE4CC7CEBFFA96CDF3762E320
                                                                                                        SHA1:F93D2D669CCBBC36A8ECEE484282393AEA0B7587
                                                                                                        SHA-256:41D9D9363935702730A09FA9FEDF730CEBC51DB962E05FA4B05841840895C92C
                                                                                                        SHA-512:238BDF14A9F6A6A1177D69D8B3BE2C9630A854668E22F89A880CAE7CD3E481AD58744833E08592BBBC38133C4F9970B4595629CD2D9EC226032CD7D74A28EBC2
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="nl-nl" Language="1043" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installatie</String>.. <String Id="Title">Microsoft .NET Framework is vereist voor installatie [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Weet u zeker dat u de installatie wilt annuleren?</String>.. <String Id="HelpHeader">Help bij Setup</String>.. <String Id="HelpText">/passive | /quiet - geeft een minimale gebruikersinterface weer zonder prompts.. of geeft geen gebruikersinterface en geen prompts weer. Gebruikersinterface.. en alle pr
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2313
                                                                                                        Entropy (8bit):5.11065459606256
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkMeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:nSRTec1x8Siule4S
                                                                                                        MD5:DE3ACE5CD8E4CE57B6D3379AE9E66540
                                                                                                        SHA1:3F2CCB5EA047EDAADFA5289ABD70A85D9AA6DC9F
                                                                                                        SHA-256:AE7AA89299F00E43364D2627B46B78DC04F80279D8A0D905A8517C322115D21F
                                                                                                        SHA-512:29161DCD18BE49FFC3552520FBCC9FDD2D3C7B98A4F05F0E89806C1DB639C0FE16DD22911F05C54D61FFA9997B91B068BA98FD51902DD2D8B949DC15BDBF341A
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="nb-no" Language="1044" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installasjonsprogram</String>.. <String Id="Title">Microsoft .NET Framework kreves for [WixBundleName]-installasjon</String>.. <String Id="ConfirmCancelMessage">Er du sikker p. at du vil avbryte?</String>.. <String Id="HelpHeader">Installasjonshjelp</String>.. <String Id="HelpText">/passive | /quiet - viser minimalt brukergrensesnitt uten ledetekster, eller.. ikke noe brukergrensesnitt og ingen ledetekster. Som standard vises.. brukergrensesnitt og all
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2510
                                                                                                        Entropy (8bit):5.275991960773597
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkJ4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:nSdTsXgpYr2IyoiiOffpT3L
                                                                                                        MD5:D62430F31CA6B21562591A6CC6EC134F
                                                                                                        SHA1:C8FBF00D1ACADB52B75E6E49A2AA76E8B85C6470
                                                                                                        SHA-256:A64AFBD95664554CCF6EAE2B5A45161CD1B0DA7CDFD0874DF0BD547968E5BC89
                                                                                                        SHA-512:2A5FB202716F20DFDFE750AE2B775F32E44A0BF16F12F3DBEE6D0999B34877DDAFCDE696EFA8E234A7A4900876FDD36336BF95F80D7A9549539A7D4E121CD0AD
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="pl-pl" Language="1045" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalator programu [WixBundleName]</String>.. <String Id="Title">Do zainstalowania programu [WixBundleName] jest wymagany program Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Pomoc instalatora</String>.. <String Id="HelpText">/passive | /quiet - wy.wietla minimalny interfejs u.ytkownika bez monit.w.. lub nie wy.wietla interfejsu u.ytkownika ani monit.w. Domy.lnie jest.. w
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2289
                                                                                                        Entropy (8bit):5.14891471338829
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkloT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:nSuTmBHjs59M8r6
                                                                                                        MD5:F96B3463B3D35F1F169238C737A62897
                                                                                                        SHA1:EE8784B08DE3E4353D3DCD7CE7E87089169D017D
                                                                                                        SHA-256:EBC2BF04A4F378AEA26E5CB9F4AD334F3713DC36A4A98056E8384C87A33CDA4D
                                                                                                        SHA-512:D3E1184D85B5FE423C1C92BDCAB64DD896AE465FBFE10C03A1AA929C0D219CD9A2AF128E2767C135BE9BF99F1736A46F705FEFE3B6C3BDF0075CB1B7EB3DD463
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="pt-br" Language="1046" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">Microsoft .NET Framework . necess.rio para instala..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/passive | /quiet - exibe UI m.nima sem avisos ou exibe sem UI e.. sem avisos. Por padr.o a UI e todos avisos s.o exibidos...../norestart - suprime qualquer tentat
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3022
                                                                                                        Entropy (8bit):5.448527566580076
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkfTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:nS7T8EeHMMJRNi1Ruwi3OwL
                                                                                                        MD5:DE00C27AF7C2A65A128E52BB0C86D996
                                                                                                        SHA1:6CC1D073ECB292190F3E00F5063AAEA43F9E32CB
                                                                                                        SHA-256:D47A140DCD36D438D5C72B5FF1725DBFABE09BD4214F553ED52DF9A4D2BD6C37
                                                                                                        SHA-512:2118B362D0FB720AF1C6A7715F3E5F064502A7D00B7A0767D573CDDA12374EEC0E40B15F643F9EE26CE4300C756FD5739BF909B4D2790657F9361BAA866B6EEC
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="ru-ru" Language="1049" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">......... [WixBundleName]</String>.. <String Id="Title">... ......... [WixBundleName] ......... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........ ........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/passive | /quiet - ........... ............ .. ... ........
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2476
                                                                                                        Entropy (8bit):5.4018530527398605
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkRcT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:nSyTuPdKNzfifFmcatm
                                                                                                        MD5:D4146AC0AE133ACAB276BF9F9B70915F
                                                                                                        SHA1:558A01A85AA292FE47A48C56137CB65C1EAB95B1
                                                                                                        SHA-256:F944FE7D8473ED6A0B0560A52204199A364B0542D25A2A5DCF85DDA66763620A
                                                                                                        SHA-512:95E717A39E25E6F48F61064EF52C3494A2CB7E565D438D7BA4E7A1AFEEE53682E260939BE02C8E23EA52B843D346290D8A063BEEB899A30726D6B01BA6635E2B
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="sk-sk" Language="1051" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] . in.tal.cia</String>.. <String Id="Title">Na in.tal.ciu aplik.cie [WixBundleName] sa vy.aduje s..as. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Naozaj chcete zru.i. oper.ciu?</String>.. <String Id="HelpHeader">Pomocn.k pre in.tal.ciu</String>.. <String Id="HelpText">/passive | /quiet . zobraz. minim.lne pou..vate.sk. rozhranie bez v.ziev alebo.. nezobraz. .iadne pou..vate.sk. rozhranie ani v.zvy.
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2274
                                                                                                        Entropy (8bit):5.145568704806731
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6Kk4iT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:nSBTAcRnQXFPK0iHMsfb2Ws3M
                                                                                                        MD5:CCD806E21AAD31E3083E8E611D60F672
                                                                                                        SHA1:7AEAFCB5DE18D0DC568F3B60033D5008E43E956C
                                                                                                        SHA-256:A17D2DE5CC82A44C8D69013CEDFFE05A20B24AF1D5E46D30BF54FD5306D7C972
                                                                                                        SHA-512:A551F4BB48527513218B76AE31DA76BE81F1D1523A8524847833FD56B35080B95A9E613071E07EE91AC08A426765159B9849E98EDA6BC95209AE3C5CB33BF4DF
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="sv-se" Language="1053" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-installation</String>.. <String Id="Title">Microsoft .NET Framework kr.vs f.r installation av [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Vill du avbryta?</String>.. <String Id="HelpHeader">Installationshj.lp</String>.. <String Id="HelpText">/passive | /quiet - visar ett minimalt anv.ndargr.nssnitt utan prompter,.. alternativt inget anv.ndargr.nssnitt och inga prompter. Som standard visas.. anv.ndargr.nssnitt och samtliga promp
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2445
                                                                                                        Entropy (8bit):5.2870677184154165
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkgcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:nSgHTE7APaTI9sq6yEbgg
                                                                                                        MD5:B0D8DE284B2C7A37A72C2ACC08A85A18
                                                                                                        SHA1:1C79FF29CCEACAF518992756B6C332B19064616D
                                                                                                        SHA-256:705AE382F2ADBC7CF43AE22330D49BA0AB86BBF5E8A11BA466E37A851DEE7661
                                                                                                        SHA-512:B633EB45CE24CFCD3F1444628C4E9BECAE8EDFE54B53DF6EF1B1DDA3B7571C24C62EDC13DF09F3289816A69F45AADD5795CA10807780DA81C6A91AE719CBF3C6
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="tr-tr" Language="1055" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName] kurulumu i.in Microsoft .NET Framework gerekir</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/passive | /quiet - komut istemi olmayan olabildi.ince k...k bir UI.. g.r.nt.ler veya komut istemi ve UI g.r.nt.lemez. Varsay.lan olarak UI.. ve t.m komut istemleri g.
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2342
                                                                                                        Entropy (8bit):5.169803626034536
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6Kka0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:nSdTLlS9h9hCtsihdxOh+NL
                                                                                                        MD5:FB797985DBD06B555A8AB8E43A0DD8E9
                                                                                                        SHA1:09C2B01128BE23CE247798618E04057F83537D3A
                                                                                                        SHA-256:8E069B1722A4FC499C545A6CC0827D83B017EF6ADFC59B8D06DA501EB0A3BFFE
                                                                                                        SHA-512:F84741B77B16E1C27236759C680970B130E7D77462CC087ABFBF5FE4250D40E549E382AAC5CBFF2C37D925360E2FAFD8463650CF5456D06038DAC8FB935A934D
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="sl-si" Language="1060" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Namestitev</String>.. <String Id="Title">Microsoft .NET Framework, potreben za namestitev paketa [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Ali ste prepri.ani, da .elite preklicati?</String>.. <String Id="HelpHeader">Pomo. za namestitev</String>.. <String Id="HelpText">/passive | /quiet - prika.e minimalni uporabni.ki vmesnik brez pozivov ali ne prika.e.. uporabni.kega vmesnika in pozivov. Privzeto so prikazani uporabni.ki vmesnik
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2122
                                                                                                        Entropy (8bit):6.167780072157487
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkOQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:nSnTGUGw3V8N3RykV
                                                                                                        MD5:1AA634DDFB2B46C72B9FA7F59CA2F533
                                                                                                        SHA1:9FA8179F80B8DFF0489F23D85BFF25E18C8B330D
                                                                                                        SHA-256:FF8B6C6BA9A5C1806B4540158C01A87A5CD1830359020141AF4E174C55F20B81
                                                                                                        SHA-512:63743DCF0F1355786C66E5DBE5EEF4B70E80BF1EDB82AB28BF0EB748ECB1C049906B64273F6095F3EAE396AE2DA84CF6C2E4A017A894C6B9AF8B12C07196024B
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="zh-ch" Language="2052" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] .... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive | /quiet - ..... UI .......... UI ... ........... UI ........../norestart - .............. UI .....
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2353
                                                                                                        Entropy (8bit):5.1316144008377576
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkIT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:nSITUasJnYdi59som6
                                                                                                        MD5:A71AE7998B25DA159A1423E7B302C2DF
                                                                                                        SHA1:8F319F7D1DF37F2CEDB3D090A808ECDD5A9E07D2
                                                                                                        SHA-256:BE8E22B102A9A21AE392D5E381EEAB13910A2D70F8F0B1FCC3683629B336439C
                                                                                                        SHA-512:D50634F96E1295A8B0A4E26BF86BCE71C28F35FBC1A7F35463CC17D2467F4C2C61BE21AF595BC88DAFC741C4F355FA4444A20392ED87CD3D13215A112E5980E0
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="pt-pt" Language="2070" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Configura..o do [WixBundleName]</String>.. <String Id="Title">O Microsoft .NET Framework . necess.rio para a configura..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem a certeza de que pretende cancelar?</String>.. <String Id="HelpHeader">Ajuda da Configura..o</String>.. <String Id="HelpText">/passive | /quiet - apresenta IU m.nima sem mensagens ou n.o apresenta IU nem.. mensagens. Por predefini..o, s.o apresentadas a IU e todas as mens
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2542
                                                                                                        Entropy (8bit):5.0134980183319975
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cY6KkwT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:nSwTz+8EPqKqTJiFikUgk8
                                                                                                        MD5:6FCBB73C04BEBBE421824E18B9665609
                                                                                                        SHA1:7CD9123644BB2B47513ADA752B1C4559F25935AB
                                                                                                        SHA-256:BDF44A835BE92644BBCF1E7E3302AB7284CE5508FE614D4B7218B4608EFCA220
                                                                                                        SHA-512:F82EB7A1C4AA6C2C5CB714E108D640ADF914B232E66CA37374DBAF4E0BA371377759C44D46A1FA88D2305A653FA231B2BBB61056B4766CAA0161733F5AC0964F
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. <copyright file="mbapreq.wxl" company="Outercurve Foundation">.. Copyright (c) 2004, Outercurve Foundation... This software is released under Microsoft Reciprocal License (MS-RL)... The license and further copyright text can be found in the file.. LICENSE.TXT at the root directory of the distribution... </copyright>..-->..<WixLocalization Culture="es-es" Language="3082" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">La instalaci.n de [WixBundleName] requiere Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="HelpHeader">Ayuda del programa de instalaci.n</String>.. <String Id="HelpText">/passive | /quiet - muestra una interfaz de usuario m.nima y no realiza.. preguntas, o bien no muestra interfaz de usuario y no realiza preguntas... De man
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (606), with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):39080
                                                                                                        Entropy (8bit):3.779599526145866
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:Xju1rzgOOtCfxOd923XG77VdO3QoGA2LRkpyT9YmXJHsqhaN9a6:XKY4f4d923XKdaGAhcRK
                                                                                                        MD5:FAA4F710BEA7DFAC53CE09A64B1D8964
                                                                                                        SHA1:E85CAAADC7126025D13BA6957097E853CB5BB3EF
                                                                                                        SHA-256:336C53E231CF19156F70F6D17FC019C941E1B89CB8542D1483D53ADD15767423
                                                                                                        SHA-512:2776A1C81AD21A660BBCAED0D9B231D010E066653A0A3F3F3960DA9EF101EAF47B8ECAC92DE17088401336904BC3741400F18006EB9124F606DFD55D330C78BC
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBundleProperties DisplayName="Microchip Studio" LogPathVariable="WixBundleLog" Compressed="no" Id="{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}" UpgradeCode="{CC644864-ECC1-4925-A8B2-B9AB11B59943}" PerMachine="yes" />..  <WixMbaPrereqInformation PackageId="pkg_NetFramework40" LicenseUrl="http://go.microsoft.com/fwlink/?LinkID=188993" />..  <WixPackage
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):664
                                                                                                        Entropy (8bit):4.939000894202186
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:TMHd41Pd7lzc+TXYr+XFy9bWzc+TXYcXII3Vymhsy9g3XmG8AgXwhXTg3uxT:2d67RtYrx9itYhmhg3WGSsU3I
                                                                                                        MD5:13FE3FF7CA328A1EFF202457A92E2C1D
                                                                                                        SHA1:BF73750A37A683349B4F57034616035DBEC9DE3A
                                                                                                        SHA-256:B65D87A885A4E99A56FD6121D084AB1AC46E2E908CCAB03817D4359F7D609D6A
                                                                                                        SHA-512:596E18230FE9164644C9648F19F2BF112909200C1ADA5C760C40D6FF0319A9F18A7FD1DC5F70A75ACBEACDFD8CEFF59706523FDCCF192730F5CAE64A92D9F587
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="wix.bootstrapper" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperSectionGroup, BootstrapperCore">.. <section name="host" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.HostSection, BootstrapperCore" />.. </sectionGroup>.. </configSections>.. <startup useLegacyV2RuntimeActivationPolicy="true">... <supportedRuntime version="v4.0" />.. </startup>.. <wix.bootstrapper>.. <host assemblyName="Xeam.VisualInstaller" >.. <supportedFramework version="v4\Client"/>.. </host>.. </wix.bootstrapper>..</configuration>
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):86016
                                                                                                        Entropy (8bit):5.389096215317181
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:Fg/oLTFYA8ULabWmoehGynSSmaCBp74KD0UI4:FgETFYpGaamoehGyqavKD094
                                                                                                        MD5:84959B8EEEB3D5343004BAF4FB823AAB
                                                                                                        SHA1:3FAD40CFA1AD0D9D757498FEEC32589BA6EAB857
                                                                                                        SHA-256:500C1D374CFF855CF85DC54B795384D73B9067E000C6CF91F503179DE738B0C8
                                                                                                        SHA-512:AE83B0BED5F573CD44660DCEC73895731388891FF4D2B4C97AC52C5849126C3A30C2B70251B2A62E539D8E3C5BFDBF141FB14025054987133E6F7CCFA052E8B3
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8477
                                                                                                        Entropy (8bit):5.145622225580525
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:Cq9v9V+o8+ABb2M9xz9m9NeN1junMxj6qsfRes/9lRrGsRaROsms3i7FsRYmi+ae:Cq9vqT+ABb2MXzsmGLQptJ
                                                                                                        MD5:655E73B4A0ECF44AD90F5321DC814D40
                                                                                                        SHA1:9D3F0044FF216DA0F0EC2664FF7B4A7062EE18C6
                                                                                                        SHA-256:F94E311877AEE9054A08183F60AABCC1F84C5F91000F5324C244D59219451197
                                                                                                        SHA-512:7CBADA4EC06DC1D9C8827E7BCB541959E5662064285E979B5CC567EC9BCE997326F8FDE538BB3E1FFE5265F5663620D6F708170FE3B47B3984C8397A35F2D5E7
                                                                                                        Malicious:false
                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Laika42.Wix.Bootstrapper xmlns="http://www.laika42.com/BootstrapperConfiguration.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <License>xeam Visual Installer Platinum....License type: unlimited..License expires: never..Number of users: 1....--------------------------..KXKDYG2HJL9GZFVW6RXEQPVVR5..3OYN56FFDSZP27WAPJ7LE57FFM..45COI5AORKIGMETTKVJA4AWKNS..INAEG2YHV3P5KOLBYYANMQDCTA..--------------------------</License>.. <InstallMetrics>.. <AppSecret/>.. <SendMetricsDefault>false</SendMetricsDefault>.. <ShowSendMetrics>false</ShowSendMetrics>.. <TestModeOn>false</TestModeOn>.. </InstallMetrics>.. <UI>.. <DefaultSystemCulture>InstalledUICulture</DefaultSystemCulture>-->.. <Culture>en-US</Culture>.. <ThemeColor>Red</ThemeColor>.. <ThemeBase>BaseLight</ThemeBase>.. <Transition>Fade</Transition>.. <Pages>.. <InstallWelcome>.. <InstallDirVariable>INSTALLDIR</InstallDirVariable>..
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                        Category:dropped
                                                                                                        Size (bytes):94799
                                                                                                        Entropy (8bit):5.191382513436784
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:VJqdV42jtFx5LQljuUObvGeLfZ0PBx3Uisx3HA:Vo3nRZ0Pn31U3g
                                                                                                        MD5:BCFD1A54817A1AB96F73DFD335362976
                                                                                                        SHA1:6B4E8F955038660E711975D6DCD2096E670C2D56
                                                                                                        SHA-256:D2FB474BBCBE9D56ABEF8571CD27A7B722BAE28A08D13B5000D24843CA6DFA51
                                                                                                        SHA-512:DE53881BCE1544684C7BAAF2CBF17A4FBF6F15923108EDC7D490D9C82731E5DC03A809B148E6AB042B60DD8C66B005FFFB5F08A099DD3A74A7F9F4AF41B0CB81
                                                                                                        Malicious:false
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):11864
                                                                                                        Entropy (8bit):6.4746985198742655
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:12EjGt8jrW9rkSgSE3SsShPnJfHix8fe+PjPW38LWM1b+Og2DLHTpf:12EjG+grkNz3xGnhCxYPLg81F7df
                                                                                                        MD5:60687EA2973B16BECE31B832CD51F2A9
                                                                                                        SHA1:320D8A2DFA4BEAD920A56EE8574AEB5B56C4D160
                                                                                                        SHA-256:158CBD4E636A51D6D20D739274E1CEAEB4643BD7302254BFB631C78730404454
                                                                                                        SHA-512:0DECF4E2FB831D7605F9EE4FDEA92B68E466A14C27E747B47D7B45E22C5800AEFE7B44B285388F46CB7CD9BC8E92357DFA737993B7C6124DD85F28039CBE075D
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):53848
                                                                                                        Entropy (8bit):5.877166538078155
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:MRIBpVLVfuNcW21DMuezIDldSIkPYgCnpb3glGXfhP5ME1F1:MkGChmHkBxeYgG8lOD1F1
                                                                                                        MD5:89C5789AC000579A39CDC3046B245402
                                                                                                        SHA1:8A60846AF5E8BD761E30AE60750EEE1FDBD2A2E4
                                                                                                        SHA-256:28556945531CACAC4B7A05101F8187862985AE9D2C685B3589A0A908F720F455
                                                                                                        SHA-512:1D6F294402CDD42F6DC736B978B8A521296758C91744FC35E4346A9B389E3542402B877D5F5AFF2E5B68BDF332FD8D6BC9EDD47C23EAB41FDD8B0ECA65E98D2C
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):52824
                                                                                                        Entropy (8bit):5.710722759642676
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:EF0gK7tD/LqPSWuKfokUCKfcZiS5pz3ZZriSPRHYEF95oxHllpGak8cMHsNGwJh4:C0gK7wPSlH9S5pzYQwEjv/To4TME1Fu
                                                                                                        MD5:BF9E7CEA6891A66DAB03028C1426E6CB
                                                                                                        SHA1:3AC99C01C45C2B4C86D589D2AC9D99C6A0C8A65F
                                                                                                        SHA-256:08E848D604BE1A050E7242656A9BEFBEE3AA9CC4DB211EA24E8EDAAB1E96CCD0
                                                                                                        SHA-512:47A3149CF374F03CBF55038E3FC83917ADF293F4B21BBCBDA91B1C4BD0E21344DB0D2A7A9A09726A9263486BF04E86389563BAF15462F72082FB045861925B98
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):980568
                                                                                                        Entropy (8bit):7.7093670684696285
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:tplkn4Wb4taDU2FHIhe//flHs2kKdqVfXnLiK8TZ5Jt/KTxa:tpmnFb7w2b/flsR9VO3T7P/KTxa
                                                                                                        MD5:A6EF12F3C295984279F720A97EA94E21
                                                                                                        SHA1:161D4170433B9F8F68DC5534FD09D54ACA7196BC
                                                                                                        SHA-256:04C7EE41263CFA4EA8D36C5522E9132412AB1A7F92D8CDD016EA6C5B43AF1448
                                                                                                        SHA-512:814B3C91E14E45A254DC78591E0A9AEECD3CC416921D884DAE1B3732A71197C549598FF7A609C507BBAB8C0B25D4E40BF9EFF6441B616D556B3B852A404A0F8E
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll, Author: Joe Security
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):249344
                                                                                                        Entropy (8bit):6.9482630759217745
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:R/kaFnE5d6G3qYNTV9BOgtLrvUz14NM4/:RkaFE5d6GVFjtvUOd
                                                                                                        MD5:4C759DF04B8840BADABE42F76A1511D3
                                                                                                        SHA1:9818B00AFE11EF68D818627CB969629A71CADB27
                                                                                                        SHA-256:12C3E80C61E3B279CD52DE6022AFD4754CF116E7BDFD7BB457BF810A1FE00B2F
                                                                                                        SHA-512:13B21768B3A60B37EA9DD51864C980436A8FA5FA88D4868F66D8D14DBCE770694108B1DDBBABC09A34732C22F97E171CFC17BC42FE1865831739CF252EDB0C89
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12896
                                                                                                        Entropy (8bit):5.055262246147162
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:T93G3jlN4JAXoB+ATNaGUBtjB0Gm5N0ZOcFcMHF:T9GlN4/NNKI2l
                                                                                                        MD5:49348FE93AF60BA30247AD7AF756E59C
                                                                                                        SHA1:803E0A1F258967AF3D9DE3F3F6944593C64E9AB9
                                                                                                        SHA-256:F7556F547FF09C1FA7E14458ACAA15BAB8BFB0A6972A82A9B5C7C1FB0A38E989
                                                                                                        SHA-512:964381C21D15F23E866BB9617486DF428251EB008D567FF78CB2C28943BF494DA4B94E20D041F6E7209552594CA646689DEE1129CAF7A89ABA95EA4B7A17EA0C
                                                                                                        Malicious:false
                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="en-US" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="FirstOne" Overridable="yes">Hello this is the first string</String>.. <String Id="SecondOne" Overridable="yes">Hello this is the second string</String>.. Welcome Page-->.. <String Id="WelcomePage_WelcomeText" Overridable="yes">Welcome to {0} setup.</String>.. <String Id="WelcomePage_WelcomeAgreeText" Overridable="yes">You must agree the license terms and conditions before you can install {0}.</String>.. <String Id="WelcomePage_AgreeToLicense" Overridable="yes">I agree to the license terms and conditions.</String>.. <String Id="WelcomePage_AgreeToSendFeedback" Overridable="yes">Send information about my installation experience.</String>.. LayoutWelcome Page-->.. <String Id="LayoutWelcomePage_WelcomeText" Overridable="yes">Welcome to layout installation mode of {0}.</String>.. <String Id="LayoutWelcomePage_
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):94208
                                                                                                        Entropy (8bit):6.377335205570994
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:m7nUvMFnNdE3JUzoGiLKAobAhgxbe+7JclBZLsWjcdmPS6aZFmCEKM:14QOs70Ahs8b0mPS6CgnK
                                                                                                        MD5:EA670DB933AAA80F8A45DA04AE1C835D
                                                                                                        SHA1:827FD0F928C3F3EE82593BF6B68E2EA94FAA7809
                                                                                                        SHA-256:D8301BC68B017F3F23CBBF6B31DAF170DEA4D5FA4BEF6F92CACB900B95E2A1A7
                                                                                                        SHA-512:2B97C629E5150D42BCCD233D6078174DE99CAAD49BC304AAFCB2EED2B2F84B830CA3D4345AFF416E0A0739E212594086D19B1A20FDC25D35A6A1E65A82000379
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):154624
                                                                                                        Entropy (8bit):6.4754252024408485
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3072:ViUNH/Vi7CCoNvxUKLsUiCnVd/GUL+Nx4UtorC:ViUBVi7peRiCgTz
                                                                                                        MD5:6A89F5A4C7BCDDAE149308454809EC43
                                                                                                        SHA1:80993FDF307A74F83295131C091CDD6165A95E9B
                                                                                                        SHA-256:66A5997E531BFE6C87BC8BEBB80B074CF4C4E84739D1158A16FE746FF082063D
                                                                                                        SHA-512:D6863F73349ABF8A240FFC2ED31B921E2E756C02EE73204AA9A6784F047700BC669E3FF2C6650EBF406CAA89FE7696FDFE89AEE539DFE9D392C3DA7103DF0F72
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
                                                                                                        Category:dropped
                                                                                                        Size (bytes):797
                                                                                                        Entropy (8bit):7.648767094164769
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5
                                                                                                        MD5:A356956FD269567B8F4612A33802637B
                                                                                                        SHA1:75AE41181581FD6376CA9CA88147011E48BF9A30
                                                                                                        SHA-256:A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
                                                                                                        SHA-512:A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E
                                                                                                        Malicious:false
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3356
                                                                                                        Entropy (8bit):5.173051697001467
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrT7uhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjQ3PswP
                                                                                                        MD5:8D0FCA899786568009D0C06BD02C9AAB
                                                                                                        SHA1:0704473C256F727ECB781F43AA5537261749E3E2
                                                                                                        SHA-256:2F5346EACC04092FEC722D91F35F35D747404293BCACAC67B9B3DA015C1F8378
                                                                                                        SHA-512:280C0E720F0502A84A73F3BB4EB80EED3397CF8CEBA54CF97B370CF4BB76B88E036563CC3C0F0404046847A38F73D365DF6B93F3169F9D1A8625978D615153AB
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="mbapreq.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="96" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="112" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1974
                                                                                                        Entropy (8bit):5.085841512123993
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cyMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsfXQ2BmGA7b1s:MTY1xmmmTerNqAT6
                                                                                                        MD5:AF028088A02CBD4E1CD24639B2D3F513
                                                                                                        SHA1:DF5A7D24AD4A5362C1993720F943BE3612872BC3
                                                                                                        SHA-256:B60169D904BA73A897A1671784B846389DBB3E6F7FEEAEA8DCA4ADF39BB4FAA8
                                                                                                        SHA-512:633C0DCE18AB0C13CED05F3F7EDB51E0B1E8D769AE29AEE8C7ED384F7B1D76044E3AAF3C161DF7530FB448A2919458D48DC3CCCB3297064D939E681E5FAAF5D5
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">Microsoft .NET Framework required for [WixBundleName] setup</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>.. <String Id="HelpCloseButton">&amp;Close</String>.. <String Id="InstallLicenseTerms">Click the "Accept and Install" button to accept the Microsoft .NET Framework &lt;a href="#"&gt;license terms&lt;/a&gt;.</String>.. <Strin
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                        Category:dropped
                                                                                                        Size (bytes):525
                                                                                                        Entropy (8bit):7.2635320990837835
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:6v/7iQ/AlNjTPsOPXmj5ac0QtS2/RMDZ2Qjusgk3OY6:rN3PsOMNtS2/RMdPak3O5
                                                                                                        MD5:98110208B3F4CC9864950AC2DA0B6B3D
                                                                                                        SHA1:5F9EA29A74F492CAD5EBD1C3FDB87C046CF385B6
                                                                                                        SHA-256:3F46231B490CE3FA137C1962942A8D769937846A66AF4D54489A39DC81A5C6B4
                                                                                                        SHA-512:09F88346F6E25F4ABEECA967C92E98DCDCBB4A8F0F70AD4CB44E1C2A8B2E011B63BC3C5A9F87846290D6AC640AF58FAA4ED15D588575B313127E4A441CD71091
                                                                                                        Malicious:false
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                        Category:dropped
                                                                                                        Size (bytes):673
                                                                                                        Entropy (8bit):7.507994083208613
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:6v/7iQ/QANtaO++iOPQDgB0DM/mYNOmBIIlVFEkRDaph0nu0EkVAfDMg:U/2d0QMBv/dLbNJRDC07KMg
                                                                                                        MD5:3B241D01D79AAA6D23DF74BEE5E2D7A2
                                                                                                        SHA1:6A8DB75D738D91232E87680D07FC92B6B66DB427
                                                                                                        SHA-256:272B5D6B1249AD46697999D247640D51D47286D78C1FBD2E323AA65B0D0BE459
                                                                                                        SHA-512:5210FA7F682B08E9438DBDE7BA51D503F52FC442ED10244CA9FA4898585EB254B37D5CDD4E5454CA447FF597BF40840216E63B57EA4D6D08E30B54626545721F
                                                                                                        Malicious:false
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8123
                                                                                                        Entropy (8bit):4.970372284043968
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:dDif/vQZijg0SWo+v5y76cZLYq+eHXJ3xG0AUigqK5:IvQsjraYq+e3m0AUiPu
                                                                                                        MD5:1DD4785517BC7C4D067BAA3BB6380705
                                                                                                        SHA1:6380B916AEDB2D8A3D90CFC959DAA3961A723246
                                                                                                        SHA-256:D2039EF21528CBB12EE1CDB8DCCC60235F7D9646F18A14A3EACC2E3CA46CFE66
                                                                                                        SHA-512:4A4B64202F4CABAD9D265E77206CF65BE8A86DD2F6FAE1CE0C5DA1F81AB90A09D109F5F0E6B0B285F7F1592B2B9BDC1DA5395348ECCCB5101E6950B205E7FA46
                                                                                                        Malicious:false
                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="en-US" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. System reboot validation -->.. <String Id="SystemRebootPending_Text" Overridable="yes">Pending system reboot</String>.. <String Id="SystemRebootPending_Error" Overridable="yes">A system reboot is pending. Please restart your system before you continue with the installation.</String>.. <String Id="SystemRebootPending_Warning" Overridable="yes">A system reboot is pending. It is recommended to restart the system before continuing with the installation.</String>.. <String Id="SystemRebootPending_Ok" Overridable="yes">There is no system reboot pending.</String>.. <String Id="SystemRebootPending_HelpActionButton" Overridable="yes">Reboot system</String>.. <String Id="AnotherInstallationRunning_Text" Overridable="yes">Check for other installations running</String>.. <String Id="AnotherInstallationRunning_Error" Overridable="yes"
                                                                                                        Process:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                        Category:dropped
                                                                                                        Size (bytes):622
                                                                                                        Entropy (8bit):7.453324175676305
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:6v/7iQ/WwSIQE2oP23gB3iqWrQMTFXyNtxtkvSUnNUTCw0J/NapMH0GRRcTPtnSR:LwSIW3gAqcfBiNtj+bw09IpMp4PtSR
                                                                                                        MD5:FD7E3F65D9915D7D5C5B904E6B49B0D8
                                                                                                        SHA1:8D16634A8CF826984A0F58B2E5D8C47BA671C318
                                                                                                        SHA-256:A2B0164A13F3DF9FC9C77F81CAB10E5FF8D6442E9B68A59B485549DBAD6CC9BC
                                                                                                        SHA-512:66880DC2CCC08AA7133E6D4ED7967E9F27527673EB0044A723028A7BACD1CAB60A15AA5CCD5D58004BFBEE6E98ED66DC8E9EA8EEE92A611DDA8F7E1166DD035C
                                                                                                        Malicious:false
                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Entropy (8bit):7.706863351959631
                                                                                                        TrID:
                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:as-installer-7.0.2594-web.exe
                                                                                                        File size:2'333'360 bytes
                                                                                                        MD5:300f31971ebd5be2cc52e0925b8f8776
                                                                                                        SHA1:84d4858f76728b3809402183670b732fee418410
                                                                                                        SHA256:bd98e452f417b03919ce232385d4d5022e1fcea9f57de86fafe934c53c117c24
                                                                                                        SHA512:a7ccf7aa2239eb3a9c225f6ad4a45fe2f284c0e2a3c265c6b407dfc388a4bc7b5b24e71c31ed8f1e437d7322644fadd552e7bb567cd60cb81bcbb3ef0f97d67e
                                                                                                        SSDEEP:49152:ygq8vNCYT1IgK5KrROyFRMD1I4/HqZvn01VlcrYtgPim:ygq2CRPuFRMxzq+/sYtgP7
                                                                                                        TLSH:33B5BD219B05E263D9A11A3A15DC50F41DB56C081E2B88A5CAB5787BB6FC1DCE3F3837
                                                                                                        Icon Hash:4d70b36954d069b2
                                                                                                        Entrypoint:0x429283
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:true
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                        Time Stamp:0x5432D975 [Mon Oct 6 18:03:33 2014 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:5
                                                                                                        OS Version Minor:1
                                                                                                        File Version Major:5
                                                                                                        File Version Minor:1
                                                                                                        Subsystem Version Major:5
                                                                                                        Subsystem Version Minor:1
                                                                                                        Import Hash:963226e6bbe29f87aa49b92b4ae9a4f1
                                                                                                        Signature Valid:true
                                                                                                        Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                        Error Number:0
                                                                                                        Not Before, Not After
                                                                                                        • 01/10/2019 01:00:00 05/10/2022 13:00:00
                                                                                                        Subject Chain
                                                                                                        • CN=Microchip Technology Incorporated, OU=Software Development, O=Microchip Technology Incorporated, L=Chandler, S=Arizona, C=US, SERIALNUMBER=2187388, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                        Version:3
                                                                                                        Thumbprint MD5:AFF1562FDC85A86C068192C969772E80
                                                                                                        Thumbprint SHA-1:13B3A92256755B0547F9950FD2ADC2EB377248FA
                                                                                                        Thumbprint SHA-256:894BBD1555C1C48D8373C259508C73C7399D4A405667B8466C97EB0A70C7785D
                                                                                                        Serial:04E210B46FA54ECDE5E1BF4874069082
                                                                                                        Instruction
                                                                                                        call 00007F93A887F791h
                                                                                                        jmp 00007F93A887BC14h
                                                                                                        cmp ecx, dword ptr [00462000h]
                                                                                                        jne 00007F93A887BD94h
                                                                                                        Programming Language:
                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                        • [IMP] VS2008 SP1 build 30729
                                                                                                        • [C++] VS2013 build 21005
                                                                                                        • [RES] VS2013 build 21005
                                                                                                        • [LNK] VS2013 build 21005
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5fee4 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x68000 | 0xb0538 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2371c8 | 0x28e8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x119000 | 0x3b40 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x45500 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5f828 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5f7e0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x45000 | 0x484 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x43898 | 0x43a00 | 8a332a48d32cc8a2ef03a63dd16a2b31 | False | 0.5333800254158965 | data | 6.540296920088085 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x45000 | 0x1c85a | 0x1ca00 | 406d893bb153582c03236b74c27fcf37 | False | 0.29034183951965065 | data | 4.978924484523845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x62000 | 0x33c0 | 0x1400 | 5cdff0159191cd6c1e82dfd591bd5835 | False | 0.319140625 | data | 3.47280520069637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.wixburn | 0x66000 | 0x38 | 0x200 | 8a7fcc0ca1a0652b9e33eca6506a73f5 | False | 0.095703125 | data | 0.5166818813429501 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0x67000 | 0x9 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x68000 | 0xb0538 | 0xb0600 | 49cf9bd65146b84ff985220546a38610 | False | 0.3481753299964564 | data | 6.815692851988974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x119000 | 0x3b40 | 0x3c00 | 90794be6b700278185093370d7a19eeb | False | 0.7936197916666666 | data | 6.751188222077023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x684c0 | 0x772a8 | Device independent bitmap graphic, 495 x 328 x 24, image size 0, resolution 2835 x 2835 px/m | English | United States | 0.45710750167996983
RT_ICON | 0xdf768 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4031791907514451
RT_ICON | 0xdfcd0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.6048387096774194
RT_ICON | 0xdffb8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.5794223826714802
RT_ICON | 0xe0860 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 0 | English | United States | 0.3253086419753086
RT_ICON | 0xe1508 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.26852720450281425
RT_ICON | 0xe25b0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.34573170731707314
RT_ICON | 0xe2c18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5242537313432836
RT_ICON | 0xe3ac0 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 0 | English | United States | 0.2390948745910578
RT_ICON | 0xe5768 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.1988589211618257
RT_ICON | 0xe7d10 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 0 | English | United States | 0.31343843843843844
RT_ICON | 0xe8778 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 0 | English | United States | 0.3795839210155148
RT_ICON | 0xe9da0 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 0 | English | United States | 0.13598130841121495
RT_ICON | 0xecfc8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.11035663675011809
RT_ICON | 0xf11f0 | 0x2868 | Device independent bitmap graphic, 128 x 256 x 4, image size 0 | English | United States | 0.12432327919566899
RT_ICON | 0xf3a58 | 0x4c28 | Device independent bitmap graphic, 128 x 256 x 8, image size 0 | English | United States | 0.0844788674599918
RT_ICON | 0xf8680 | 0xc828 | Device independent bitmap graphic, 128 x 256 x 24, image size 0 | English | United States | 0.03948087431693989
RT_ICON | 0x104ea8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.030344256476990416
RT_MESSAGETABLE | 0x1156d0 | 0x259c | data | English | United States | 0.28926049023680933
RT_GROUP_ICON | 0x117c6c | 0xf4 | data | English | United States | 0.5573770491803278
RT_VERSION | 0x117d60 | 0x304 | data | English | United States | 0.45984455958549225
RT_MANIFEST | 0x118064 | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365
DLL | Import
ADVAPI32.dll | OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegCloseKey, RegQueryValueExW, RegDeleteValueW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, QueryServiceConfigW, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, RegOpenKeyExW
USER32.dll | GetMessageW, PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, TranslateMessage, DefWindowProcW, RegisterClassW, UnregisterClassW, CreateWindowExW, MessageBoxW, GetCursorPos, GetWindowLongW, SetWindowLongW, DispatchMessageW, LoadCursorW, IsDialogMessageW, MonitorFromPoint, GetMonitorInfoW, PostThreadMessageW, MsgWaitForMultipleObjects, LoadBitmapW
OLEAUT32.dll | SysAllocString, SysFreeString, VariantInit, VariantClear
GDI32.dll | SelectObject, DeleteObject, GetObjectW, StretchBlt, CreateCompatibleDC, DeleteDC
SHELL32.dll | ShellExecuteExW, SHGetFolderPathW, CommandLineToArgvW
ole32.dll | CoInitializeEx, CoUninitialize, CoInitializeSecurity, CLSIDFromProgID, CoInitialize, CoTaskMemFree, CoCreateInstance, StringFromGUID2
KERNEL32.dll | VerSetConditionMask, FreeLibrary, GetProcAddress, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetNativeSystemInfo, lstrlenW, GetModuleHandleExW, GetSystemDirectoryW, GetTempPathW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetComputerNameW, VerifyVersionInfoW, GetVolumePathNameW, CompareStringW, GetDateFormatW, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ExpandEnvironmentStringsW, GetFileAttributesW, ReadFile, SetFilePointerEx, CreateFileW, CreateProcessW, DuplicateHandle, InterlockedExchange, InterlockedCompareExchange, LoadLibraryW, lstrlenA, RemoveDirectoryW, CreateEventW, GetCurrentProcessId, ProcessIdToSessionId, LocalFree, OpenProcess, GetProcessId, WaitForSingleObject, WriteFile, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, GetVersionExW, SetFileAttributesW, FindFirstFileW, FindNextFileW, SetEvent, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CreateFileA, CompareStringA, SetCurrentDirectoryW, GetCurrentDirectoryW, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, GetThreadLocale, GetModuleHandleW, TlsFree, TlsSetValue, TlsGetValue, GetLastError, GetCurrentThreadId, VirtualFree, VirtualAlloc, MoveFileExW, CopyFileW, DeleteFileW, GetFileSizeEx, GlobalFree, GlobalAlloc, GetModuleHandleA, GetCurrentProcess, HeapSetInformation, GetFullPathNameW, CreateDirectoryW, TlsAlloc, CloseHandle, Sleep, ReleaseMutex, DeleteCriticalSection, FindClose, InitializeCriticalSection, TerminateProcess, InitializeCriticalSectionAndSpinCount, GetTempFileNameW, FormatMessageW, GetLocalTime, SetFilePointer, FlushFileBuffers, WriteConsoleW, SetStdHandle, LCMapStringW, HeapSize, HeapReAlloc, GetConsoleMode, GetConsoleCP, OutputDebugStringW, RtlUnwind, LoadLibraryExW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsW, HeapFree, RaiseException, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, HeapAlloc, IsProcessorFeaturePresent, IsDebuggerPresent, GetCommandLineW, SetLastError, EncodePointer, DecodePointer, ExitProcess, MultiByteToWideChar, WideCharToMultiByte, GetProcessHeap, GetStdHandle, GetFileType, GetStartupInfoW, GetModuleFileNameW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW
Cabinet.dll |
CRYPT32.dll | CertGetCertificateContextProperty, CryptHashPublicKeyInfo
msi.dll |
RPCRT4.dll | UuidCreate
WININET.dll | InternetErrorDlg, InternetOpenW, InternetConnectW, InternetCloseHandle, InternetReadFile, InternetSetOptionW, HttpOpenRequestW, HttpAddRequestHeadersW, HttpSendRequestW, HttpQueryInfoW, InternetCrackUrlW
WINTRUST.dll | WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain, WinVerifyTrust, CryptCATAdminCalcHashFromFileHandle
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
SHLWAPI.dll | PathCanonicalizeW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 25, 2024 23:06:31.773467064 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:31.773504019 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:31.773557901 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:31.788331985 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:31.788352013 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.161848068 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.161928892 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:32.167264938 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:32.167293072 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.167599916 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.215539932 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:32.229557991 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:32.276156902 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.540088892 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.540196896 CEST | 443 | 49733 | 52.92.181.152 | 192.168.2.4
Apr 25, 2024 23:06:32.540323019 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Apr 25, 2024 23:06:32.552577972 CEST | 49733 | 443 | 192.168.2.4 | 52.92.181.152
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 25, 2024 23:06:31.657493114 CEST | 60248 | 53 | 192.168.2.4 | 1.1.1.1
Apr 25, 2024 23:06:31.769025087 CEST | 53 | 60248 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 25, 2024 23:06:31.657493114 CEST | 192.168.2.4 | 1.1.1.1 | 0x836d | Standard query (0) | s3-us-west-2.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.92.181.152 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.92.147.64 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.218.233.72 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.92.187.248 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.92.201.128 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.92.209.144 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.92.210.16 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 23:06:31.769025087 CEST | 1.1.1.1 | 192.168.2.4 | 0x836d | No error (0) | s3-us-west-2.amazonaws.com | | 52.218.230.40 | A (IP address) | IN (0x0001) | false
                                                                                                        • s3-us-west-2.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 52.92.181.152 | 443 | 7524 | C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-04-25 21:06:32 UTC119OUTGET /atmel-studio/update-info/7.0/update-aws.xml HTTP/1.1
                                                                                                        Host: s3-us-west-2.amazonaws.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-04-25 21:06:32 UTC426INHTTP/1.1 200 OK
                                                                                                        x-amz-id-2: QJjr2Oote8Fk79ejJrt0vrEpxgLh+RFWD5PIXCS6GK9ZUOdkY2Z/Fa2PBWPIoO2B8xTpTLdjb9U=
                                                                                                        x-amz-request-id: MP6A72HEJGFV1FM7
                                                                                                        Date: Thu, 25 Apr 2024 21:06:33 GMT
                                                                                                        Last-Modified: Wed, 22 Jun 2022 12:23:03 GMT
                                                                                                        ETag: "8e0b3426b730b215a58f1c43950c6bef"
                                                                                                        x-amz-version-id: WnSWC0utjbdTF5i9QgdMK3tM0UlXdKTp
                                                                                                        Accept-Ranges: bytes
                                                                                                        Content-Type: text/xml
                                                                                                        Server: AmazonS3
                                                                                                        Content-Length: 680
                                                                                                        Connection: close
                                                                                                        2024-04-25 21:06:32 UTC | 680 | IN
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><VisualInstallerUpdateInfo xmlns="http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><Version>7.0.2594</Version><Name>Microchip Studio</Name><D



                                                                                                        Target ID:0
                                                                                                        Start time:23:06:23
                                                                                                        Start date:25/04/2024
                                                                                                        Path:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\as-installer-7.0.2594-web.exe"
                                                                                                        Imagebase:0x40000
                                                                                                        File size:2'333'360 bytes
                                                                                                        MD5 hash:300F31971EBD5BE2CC52E0925B8F8776
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:low
                                                                                                        Has exited:false

                                                                                                        Target ID:1
                                                                                                        Start time:23:06:23
                                                                                                        Start date:25/04/2024
                                                                                                        Path:C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\as-installer-7.0.2594-web.exe" -burn.unelevated BurnPipe.{D84EEA79-1F13-4715-8116-E5DD7E6F96FB} {86C0AC07-21D7-4C0B-B966-E37DDFE95ADA} 7504
                                                                                                        Imagebase:0x40000
                                                                                                        File size:2'333'360 bytes
                                                                                                        MD5 hash:300F31971EBD5BE2CC52E0925B8F8776
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:low
                                                                                                        Has exited:false


                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00079553
                                                                                                          • _memset.LIBCMT ref: 00079575
                                                                                                          • _memset.LIBCMT ref: 0007958E
                                                                                                          • _memset.LIBCMT ref: 000795A7
                                                                                                          • _memset.LIBCMT ref: 000795C0
                                                                                                          • _memset.LIBCMT ref: 000795D9
                                                                                                          • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 000795F0
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 000795FA
                                                                                                          • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00079643
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00079649
                                                                                                          • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 00079958
                                                                                                          • LocalFree.KERNEL32(?), ref: 0007996E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset$ErrorInitializeLastSecurity$CreateDescriptorFreeKnownLocalWell
                                                                                                          • String ID: srputil.cpp
                                                                                                          • API String ID: 3939938501-4105181634
                                                                                                          • Opcode ID: 4fc833dc551e5de8ba075218f8b8f7844455008b275a9fe48ec18a78faeb1543
                                                                                                          • Instruction ID: d170e6c872ce5fd83a514aca3700a4ae88cb4b5e18415fb164be28ed46294087
                                                                                                          • Opcode Fuzzy Hash: 4fc833dc551e5de8ba075218f8b8f7844455008b275a9fe48ec18a78faeb1543
                                                                                                          • Instruction Fuzzy Hash: A5C14572D4172DAAFB209B698D44BDAB6FCFF09340F014266ED49F6140E7749E808FA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00041C59
                                                                                                          • _memset.LIBCMT ref: 00041C79
                                                                                                          • CoInitializeEx.OLE32(00000000,00000000,00000003,00000000), ref: 00041CB7
                                                                                                          • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00041FF1
                                                                                                            • Part of subcall function 000419D9: CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?), ref: 00041A5F
                                                                                                            • Part of subcall function 00041548: ReleaseMutex.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00041725
                                                                                                            • Part of subcall function 00041548: CloseHandle.KERNEL32(00000000), ref: 0004172E
                                                                                                            • Part of subcall function 0004179C: IsWindow.USER32(?), ref: 000419A6
                                                                                                            • Part of subcall function 0004179C: PostMessageW.USER32(?,00000010,00000000,00000000), ref: 000419B9
                                                                                                            • Part of subcall function 0004179C: CloseHandle.KERNEL32(00000000), ref: 000419C8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$_memset$InitializeMessageMutexPostReleaseUninitializeWindow
                                                                                                          • String ID: 3.9.1006.0$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
                                                                                                          • API String ID: 866263047-4199156002
                                                                                                          • Opcode ID: 06e4325f6f868482efef65caf31c7967a81399a1e1bee5580fb5674b4876b74a
                                                                                                          • Instruction ID: c600bfbe2537477916ab1302f8fe6f849148246490bb9d976a0ce9b1f94d25b4
                                                                                                          • Opcode Fuzzy Hash: 06e4325f6f868482efef65caf31c7967a81399a1e1bee5580fb5674b4876b74a
                                                                                                          • Instruction Fuzzy Hash: CCB191B1D41629ABDB31AB648C45BEE76F9AF08711F4001B5F90CA7242DB359ED0CF98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000), ref: 0007C719
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0007CDDB,00000000,?), ref: 0007C725
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0007C765
                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0007C771
                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 0007C77C
                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 0007C786
                                                                                                          • CoCreateInstance.OLE32(000A4270,00000000,00000001,00085CD8,?), ref: 0007C7C0
                                                                                                          • ExitProcess.KERNEL32 ref: 0007C86F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                          • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$pB$pB$pB$pB$xmlutil.cpp
                                                                                                          • API String ID: 2124981135-3312943652
                                                                                                          • Opcode ID: 3e2e0fa8ea7b6b186e9db707718b448d253ba69e2483b422bbc873952aba2d4f
                                                                                                          • Instruction ID: af6f81ba5bd46ebd748260fc4f49592f8aee7babc547023351c3edeb2a927091
                                                                                                          • Opcode Fuzzy Hash: 3e2e0fa8ea7b6b186e9db707718b448d253ba69e2483b422bbc873952aba2d4f
                                                                                                          • Instruction Fuzzy Hash: B841BE31E00315ABEB64DBA8CC84FAEB7E4EF45710F11816CE909EB250DB79DD008B99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 1357844191-0
                                                                                                          • Opcode ID: 60140d3aba62bb5f2ecb8103dd5299f7150ebf1fe77ff73a8df27358509ea0ac
                                                                                                          • Instruction ID: 803fec5b2a032ecc4585c1a316dc6a67485173da8f1b216d5a4c9a578ebdd745
                                                                                                          • Opcode Fuzzy Hash: 60140d3aba62bb5f2ecb8103dd5299f7150ebf1fe77ff73a8df27358509ea0ac
                                                                                                          • Instruction Fuzzy Hash: CDC012361A0A0CABCB006FF8EC0AC8A7BACBB28643B008400B945C6051CA3CE2108B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                          • API String ID: 0-2956246334
                                                                                                          • Opcode ID: 681712e7800e6a4a712abd0295049663beb0c21df3bc59e45442e51ecba3fbea
                                                                                                          • Instruction ID: 238eb08666848bd873070f8e2caaddb13997941e6cfbed963f3c5b29bc9ada58
                                                                                                          • Opcode Fuzzy Hash: 681712e7800e6a4a712abd0295049663beb0c21df3bc59e45442e51ecba3fbea
                                                                                                          • Instruction Fuzzy Hash: 47E149B2F41635BBFB61BAE0CD41EFD76647B05710F104232FA94BB251D7A2AD00978A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 000479CD
                                                                                                          • _memset.LIBCMT ref: 000479DF
                                                                                                            • Part of subcall function 000784DB: GetModuleFileNameW.KERNEL32(00047A22,?,00000104,?,00000104,?,00000000,?,?,00047A22,?,00000000,?,?,?,?), ref: 000784FC
                                                                                                          • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000,?,?,?,?,76EEC3F0), ref: 00047A4B
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,76EEC3F0), ref: 00047A58
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File_memset$CreateErrorLastModuleName
                                                                                                          • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get path to engine process.$Failed to get total size of bundle.$Failed to open handle to engine process path: %ls$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$burn$section.cpp
                                                                                                          • API String ID: 3151910114-320543069
                                                                                                          • Opcode ID: 171ff2092dfa37335a47bfea8028a64861ca1faa348040a2f424d7f143c66d50
                                                                                                          • Instruction ID: b604c389f1a57e6824960f9a506e368b1fb150ab10853ebb09c064ec2e93ce04
                                                                                                          • Opcode Fuzzy Hash: 171ff2092dfa37335a47bfea8028a64861ca1faa348040a2f424d7f143c66d50
                                                                                                          • Instruction Fuzzy Hash: 3112E7B1E44625ABEB70AA24CC45FEA76F8FF44700F4081A5FD48EB181DB758D40CBA9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,00041ECE,00000000,000865C8,00041EB6,00000000), ref: 00049400
                                                                                                          Strings
                                                                                                          • Failed to get @SourcePath., xrefs: 000496FE
                                                                                                          • external, xrefs: 0004942E
                                                                                                          • Payload, xrefs: 000492E5
                                                                                                          • Failed to get @Packaging., xrefs: 00049720
                                                                                                          • Failed to parse @FileSize., xrefs: 000496AE
                                                                                                          • Container, xrefs: 00049458
                                                                                                          • Failed to get @FileSize., xrefs: 000496B8
                                                                                                          • Invalid value for @Packaging: %ls, xrefs: 0004970D
                                                                                                          • Failed to get @CertificateRootThumbprint., xrefs: 000496D4
                                                                                                          • Failed to get @Catalog., xrefs: 000496E2
                                                                                                          • FilePath, xrefs: 000493B8
                                                                                                          • Failed to select payload nodes., xrefs: 000492F8
                                                                                                          • LayoutOnly, xrefs: 0004949A
                                                                                                          • SourcePath, xrefs: 000494BD
                                                                                                          • CertificateRootPublicKeyIdentifier, xrefs: 0004954A
                                                                                                          • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 000496C6
                                                                                                          • Failed to to find container: %ls, xrefs: 00049693
                                                                                                          • embedded, xrefs: 00049412
                                                                                                          • Packaging, xrefs: 000493D3
                                                                                                          • Failed to get @DownloadUrl., xrefs: 000496F7
                                                                                                          • Failed to find catalog., xrefs: 000496DB
                                                                                                          • Failed to get @LayoutOnly., xrefs: 000496A4
                                                                                                          • Failed to allocate memory for payload structs., xrefs: 00049356
                                                                                                          • CertificateRootThumbprint, xrefs: 00049587
                                                                                                          • Failed to get next node., xrefs: 00049735
                                                                                                          • DownloadUrl, xrefs: 000494E6
                                                                                                          • Failed to get @FilePath., xrefs: 00049727
                                                                                                          • Hash, xrefs: 000495C4
                                                                                                          • payload.cpp, xrefs: 0004934C
                                                                                                          • FileSize, xrefs: 0004950F
                                                                                                          • Catalog, xrefs: 000495F9
                                                                                                          • download, xrefs: 000493F2
                                                                                                          • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 000496BF
                                                                                                          • Failed to get @Id., xrefs: 0004972E
                                                                                                          • Failed to hex decode @CertificateRootThumbprint., xrefs: 000496CD
                                                                                                          • Failed to get payload node count., xrefs: 00049312
                                                                                                          • Failed to get @Hash., xrefs: 000496F0
                                                                                                          • Failed to get @Container., xrefs: 0004969A
                                                                                                          • Failed to hex decode the Payload/@Hash., xrefs: 000496E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateCompareProcessString
                                                                                                          • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$download$embedded$external$payload.cpp
                                                                                                          • API String ID: 1171520630-3127305756
                                                                                                          • Opcode ID: 74773303e2da18b75d6a67c75d03c1e2ad9ed65b121faf754b59364dfe11c2ba
                                                                                                          • Instruction ID: 21b16679919623ba391ddb0ea273496c361858ec7e478e258438c4cf96d3b793
                                                                                                          • Opcode Fuzzy Hash: 74773303e2da18b75d6a67c75d03c1e2ad9ed65b121faf754b59364dfe11c2ba
                                                                                                          • Instruction Fuzzy Hash: D6C102B1D54629BBCB21BEA0CC46EEFB7A4BB00720F158274FA45BB181D7359E10D798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,0005BF98,?,?), ref: 0005C3EE
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0005BF98,?,?), ref: 0005C3FB
                                                                                                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,0005BF98,?,?), ref: 0005C437
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,0005BF98,?,?), ref: 0005C441
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$EventObjectSingleWait
                                                                                                          • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                          • API String ID: 3600396749-2104912459
                                                                                                          • Opcode ID: b021db94a3bd0334d3ec88cdaca059d3fbb9d1b2396d2f4d0f427543525c5481
                                                                                                          • Instruction ID: 6e3f22ed328ec036e9164614bd8944b11f45f60bab0e229517eddee8ebe17ad4
                                                                                                          • Opcode Fuzzy Hash: b021db94a3bd0334d3ec88cdaca059d3fbb9d1b2396d2f4d0f427543525c5481
                                                                                                          • Instruction Fuzzy Hash: B1911232A80B21BFFB216A758D09F6B79D4FF08752F014225FE05FA590E7A5DC109AE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 0005C7C4
                                                                                                          • #20.CABINET(0005BEF9,0005BF4E,0005BF9E,0005C0C5,0005C263,0005BF08,0005C15B,000000FF,?), ref: 0005C820
                                                                                                          • CoUninitialize.OLE32 ref: 0005CA30
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeUninitialize
                                                                                                          • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                          • API String ID: 3442037557-1168358783
                                                                                                          • Opcode ID: adfc74b4c550bea53cadfdf1bdf7b5fc26dceb6e0110f0f5a01650245cdbe633
                                                                                                          • Instruction ID: f3fb09946b430b598d2b3736258d525fbbde6395404c41239c80ee6981242b26
                                                                                                          • Opcode Fuzzy Hash: adfc74b4c550bea53cadfdf1bdf7b5fc26dceb6e0110f0f5a01650245cdbe633
                                                                                                          • Instruction Fuzzy Hash: B951D032D84722EFFB305A648C0AE6B79A4EB40752B158225FD06FF1C1DB298D04D6E6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,8000FFFF,00000008,?,00050CB5,?,?,00000008), ref: 000507B5
                                                                                                          • ReadFile.KERNELBASE(00000008,00000008,00000004,?,00000000,?,00050CB5,?,?,00000008), ref: 000507D6
                                                                                                          • GetLastError.KERNEL32(?,00050CB5,?,?,00000008), ref: 000507DC
                                                                                                          • WriteFile.KERNEL32(00000008,?,00000004,00050CB5,00000000,?,00050CB5,?,?,00000008), ref: 00050945
                                                                                                          • GetLastError.KERNEL32(?,00050CB5,?,?,00000008), ref: 0005094F
                                                                                                          Strings
                                                                                                          • Verification secret from parent is too big., xrefs: 00050837
                                                                                                          • Failed to allocate buffer for verification secret., xrefs: 00050853
                                                                                                          • Failed to read verification secret from parent pipe., xrefs: 0005089E
                                                                                                          • Failed to read size of verification secret from parent pipe., xrefs: 0005080A
                                                                                                          • Failed to read verification process id from parent pipe., xrefs: 00050923
                                                                                                          • Verification secret from parent does not match., xrefs: 000508D8
                                                                                                          • pipe.cpp, xrefs: 00050800, 0005082B, 00050894, 000508CC, 00050919, 00050973, 000509B3
                                                                                                          • Verification process id from parent does not match., xrefs: 000509BF
                                                                                                          • Failed to inform parent process that child is running., xrefs: 0005097D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLast$CurrentProcessReadWrite
                                                                                                          • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$pipe.cpp
                                                                                                          • API String ID: 3008747291-826945260
                                                                                                          • Opcode ID: f861e6be6ad294df58aade48392cf5cf2d10976b6ec6cd1ae4e5f0c7ad52d8ee
                                                                                                          • Instruction ID: 49324da706172cbf3c8cb9aae00870f68d2f9f4b8d18fa0671f27e705a251bc9
                                                                                                          • Opcode Fuzzy Hash: f861e6be6ad294df58aade48392cf5cf2d10976b6ec6cd1ae4e5f0c7ad52d8ee
                                                                                                          • Instruction Fuzzy Hash: 9351B432E80725BBFB21AAA48C45FBFB6A8BF45711F114126FE84FB191D6748D0087E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • InitializeCriticalSection.KERNEL32(0004230A,00041E2E,00000000,00041EB6), ref: 00043FFE
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalInitializeSection
                                                                                                          • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleManufacturer$WixBundleProviderKey$WixBundleTag$WixBundleVersion
                                                                                                          • API String ID: 32694325-3992539607
                                                                                                          • Opcode ID: 8027df0b965d580eeea7d107a1254b6933c47fdbad0bed22037364c48c061aff
                                                                                                          • Instruction ID: f9c7aed6855b693389b5aaf7581bf8258ab955befb18b296e6131a31a2292b7c
                                                                                                          • Opcode Fuzzy Hash: 8027df0b965d580eeea7d107a1254b6933c47fdbad0bed22037364c48c061aff
                                                                                                          • Instruction Fuzzy Hash: 40126AB0D157698FDB61DF49C9887CDBAB8BB49704F5081EAE14CAA211C7B50B88CF84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • TlsSetValue.KERNEL32(?,?), ref: 0005A14C
                                                                                                          • RegisterClassW.USER32(?), ref: 0005A178
                                                                                                          • GetLastError.KERNEL32 ref: 0005A183
                                                                                                          • CreateWindowExW.USER32(00000080,0009330C,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 0005A1EA
                                                                                                          • GetLastError.KERNEL32 ref: 0005A1F4
                                                                                                          • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 0005A292
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                          • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                          • API String ID: 213125376-288575659
                                                                                                          • Opcode ID: 84c878f2a443a9b2abb0e3b608dad3edfbea3ddf1042eec95e1c08628f3a0ea1
                                                                                                          • Instruction ID: 2dcfc1d156b115e6128e0af8f497b2647b66b73c9eaf2422d44b93864b58a0a2
                                                                                                          • Opcode Fuzzy Hash: 84c878f2a443a9b2abb0e3b608dad3edfbea3ddf1042eec95e1c08628f3a0ea1
                                                                                                          • Instruction Fuzzy Hash: FD41B472A00615ABEB109FA4DC49ADBBFF8FF09351F108225FD04EA150DB759A04CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00050C44
                                                                                                          • GetLastError.KERNEL32 ref: 00050C52
                                                                                                          • Sleep.KERNELBASE(00000064), ref: 00050C76
                                                                                                          Strings
                                                                                                          • \\.\pipe\%ls, xrefs: 00050BFC
                                                                                                          • Failed to verify parent pipe: %ls, xrefs: 00050CBE
                                                                                                          • Failed to allocate name of parent pipe., xrefs: 00050C10
                                                                                                          • \\.\pipe\%ls.Cache, xrefs: 00050CD7
                                                                                                          • Failed to open companion process with PID: %u, xrefs: 00050D9E
                                                                                                          • Failed to allocate name of parent cache pipe., xrefs: 00050CEB
                                                                                                          • Failed to open parent pipe: %ls, xrefs: 00050C9C
                                                                                                          • pipe.cpp, xrefs: 00050C8F, 00050D92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateErrorFileLastSleep
                                                                                                          • String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                          • API String ID: 408151869-645222887
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007648A: _memset.LIBCMT ref: 000764B4
                                                                                                            • Part of subcall function 0007648A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 000764C9
                                                                                                            • Part of subcall function 0007648A: LoadLibraryW.KERNELBASE(?,?,00000104,00000000), ref: 0007651C
                                                                                                            • Part of subcall function 0007648A: GetLastError.KERNEL32 ref: 00076528
                                                                                                            • Part of subcall function 0007E112: GetFileVersionInfoSizeW.VERSION(00000100,00000000,00000100,00000000,00000000,000000B8,00000100,00000000,000002C0,00000100,00000000), ref: 0007E12F
                                                                                                            • Part of subcall function 0007E112: GetLastError.KERNEL32(00000100,00000000,00000100,00000000,00000000,000000B8,00000100,00000000,000002C0,00000100,00000000), ref: 0007E13A
                                                                                                          • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 0007C1DB
                                                                                                          • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 0007C1FE
                                                                                                          • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 0007C221
                                                                                                          • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 0007C244
                                                                                                          • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 0007C267
                                                                                                          • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 0007C28A
                                                                                                          • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 0007C2AD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$ErrorLast$DirectoryFileInfoLibraryLoadSizeSystemVersion_memset
                                                                                                          • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                          • API String ID: 2837107038-1735120554
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • WixBundleOriginalSource, xrefs: 0005356E
                                                                                                          • Failed to overwrite the %ls built-in variable., xrefs: 000534DA
                                                                                                          • Failed to get unique temporary folder for bootstrapper application., xrefs: 000535AE
                                                                                                          • Failed to extract bootstrapper application payloads., xrefs: 000535CF
                                                                                                          • Failed to open attached UX container., xrefs: 00053500
                                                                                                          • Failed to initialize variables., xrefs: 00053498
                                                                                                          • Failed to set original source variable., xrefs: 0005357F
                                                                                                          • WixBundleElevated, xrefs: 000534C4, 000534D5
                                                                                                          • Failed to get manifest stream from container., xrefs: 0005353E
                                                                                                          • Failed to load catalog files., xrefs: 000535EF
                                                                                                          • Failed to load manifest., xrefs: 0005355A
                                                                                                          • Failed to open manifest stream., xrefs: 0005351D
                                                                                                          • Failed to parse command line., xrefs: 0005347C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$WixBundleElevated$WixBundleOriginalSource
                                                                                                          • API String ID: 2102423945-1257586656
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ReleaseMutex.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00041725
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0004172E
                                                                                                            • Part of subcall function 00050E4D: UuidCreate.RPCRT4(?), ref: 00050E80
                                                                                                            • Part of subcall function 00050E4D: StringFromGUID2.OLE32(?,?,00000027), ref: 00050E9D
                                                                                                          Strings
                                                                                                          • Failed to connect to unelevated process., xrefs: 000415C4
                                                                                                          • Failed to set elevated pipe into thread local storage for logging., xrefs: 00041656
                                                                                                          • Failed to allocate thread local storage for logging., xrefs: 0004160D
                                                                                                          • Failed to pump messages from parent process., xrefs: 000416F5
                                                                                                          • Failed to create the message window., xrefs: 0004166F
                                                                                                          • Failed to launch unelevated process., xrefs: 000415A6
                                                                                                          • engine.cpp, xrefs: 00041603, 0004164C
                                                                                                          • Failed to create implicit elevated connection name and secret., xrefs: 0004157D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateFromHandleMutexReleaseStringUuid
                                                                                                          • String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create implicit elevated connection name and secret.$Failed to create the message window.$Failed to launch unelevated process.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$engine.cpp
                                                                                                          • API String ID: 3991521885-93479633
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 00076CFF
                                                                                                          • GetProcAddress.KERNEL32(SystemFunction041), ref: 00076D11
                                                                                                          • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 00076D54
                                                                                                          • GetLastError.KERNEL32 ref: 00076D68
                                                                                                          • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 00076D96
                                                                                                          • GetLastError.KERNEL32 ref: 00076DAA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$ErrorLast
                                                                                                          • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$`+?s$cryputil.cpp
                                                                                                          • API String ID: 4214558900-776468437
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,0004230A,00000000,00000000,?,000489C4,00041F6E,00041EB6,0004230A,00041FEE), ref: 00048820
                                                                                                          • GetLastError.KERNEL32(?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 00048831
                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,0004230A,00000000,00000000,?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A), ref: 00048874
                                                                                                          • GetCurrentProcess.KERNEL32(000000FF,00000000,?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 0004887A
                                                                                                          • DuplicateHandle.KERNELBASE(00000000,?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 0004887D
                                                                                                          • GetLastError.KERNEL32(?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 00048887
                                                                                                          • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 000488E2
                                                                                                          • GetLastError.KERNEL32(?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 000488EC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                          • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp
                                                                                                          • API String ID: 2619879409-2168299741
                                                                                                          • Opcode ID: bf1ca17fcaf587c5344b5ece579c1d77a6acae797c963414de0620d0e7adebef
                                                                                                          • Instruction ID: 809c5dc4c2be0f0bfffc4c42b48705fb2ae8e1890d94771d7597d9154d0794b3
                                                                                                          • Opcode Fuzzy Hash: bf1ca17fcaf587c5344b5ece579c1d77a6acae797c963414de0620d0e7adebef
                                                                                                          • Instruction Fuzzy Hash: 6941C371240600ABEB20AF29DC44F6B3BE9FBC4760F118029FE48DB291DE75D811DB65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,0004222A,00000000,00000000,00000000,?,?,00048930,?,00000000,?,000489C4), ref: 0005CE19
                                                                                                          • GetLastError.KERNEL32(?,00048930,?,00000000,?,000489C4,00041F6E,00041EB6,0004230A,00041FEE,00041FEE,00000000,0004230A,00000000), ref: 0005CE22
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateErrorEventLast
                                                                                                          • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp
                                                                                                          • API String ID: 545576003-1680384675
                                                                                                          • Opcode ID: c42ae52b797b66ec04d8ce07b9711f17c8441ca036573ae8d4934d3a7f990f3a
                                                                                                          • Instruction ID: 943bf8d5a96aba0b1d74e9c00f5232569e21369339b4402d1eb26231aee79ce6
                                                                                                          • Opcode Fuzzy Hash: c42ae52b797b66ec04d8ce07b9711f17c8441ca036573ae8d4934d3a7f990f3a
                                                                                                          • Instruction Fuzzy Hash: AC21D572A80B267FFB2156798C46F6769DCFF047A1B014226BD06FB181EB95DC005AF4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 0005BFCE
                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0005BFE6
                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 0005BFEB
                                                                                                          • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 0005BFEE
                                                                                                          • GetLastError.KERNEL32(?,?), ref: 0005BFF8
                                                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 0005C067
                                                                                                          • GetLastError.KERNEL32(?,?), ref: 0005C074
                                                                                                          Strings
                                                                                                          • cabextract.cpp, xrefs: 0005C01C, 0005C098
                                                                                                          • Failed to open cabinet file: %hs, xrefs: 0005C0A5
                                                                                                          • Failed to duplicate handle to cab container., xrefs: 0005C026
                                                                                                          • <the>.cab, xrefs: 0005BFC7
                                                                                                          • Failed to add virtual file pointer for cab container., xrefs: 0005C045
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                          • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                          • API String ID: 3030546534-3446344238
                                                                                                          • Opcode ID: 14d805960499df5f3f112ad4234fe6fb5a97b48730c2cf074e217ad581ddff3a
                                                                                                          • Instruction ID: 8a1e9551ab6486da069c89f90b3b291d7eb978fe537eb99ad2a03bed31960bbc
                                                                                                          • Opcode Fuzzy Hash: 14d805960499df5f3f112ad4234fe6fb5a97b48730c2cf074e217ad581ddff3a
                                                                                                          • Instruction Fuzzy Hash: 24312372940A25FFEB209B64DC49F9B7AACFF04761F114111FE08E7190DB659D018BE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove_memset
                                                                                                          • String ID: Failed to allocate room for more variables.$Failed to allocate room for variables.$Failed to copy variable name.$Overflow while calculating size of variable array buffer$Overflow while dealing with variable array buffer allocation$Overflow while growing variable array size$variable.cpp
                                                                                                          • API String ID: 3555123492-2816863117
                                                                                                          • Opcode ID: 6b4b11654a6f659fa659096f127677e794e0f5dbcd89b871b1d4809417c07437
                                                                                                          • Instruction ID: b2d3c019a0259ee5cad175e4f11a81102c06782fede7f24f6bec678569993c6d
                                                                                                          • Opcode Fuzzy Hash: 6b4b11654a6f659fa659096f127677e794e0f5dbcd89b871b1d4809417c07437
                                                                                                          • Instruction Fuzzy Hash: EE4157B2F80616BBD7246A60CC43F567B6CBB50750F108226F548EE2C2DB76EA00879C
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 0005A3E4
                                                                                                          • GetLastError.KERNEL32 ref: 0005A3F1
                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_0001A106,?,00000000,00000000), ref: 0005A43F
                                                                                                          • GetLastError.KERNEL32 ref: 0005A44C
                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,000000FF), ref: 0005A492
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0005A4B1
                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0005A4BE
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorLast$ChangeEventFindHandleMultipleNotificationObjectsThreadWait
                                                                                                          • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                          • API String ID: 1372344712-3599963359
                                                                                                          • Opcode ID: fbee23f3d099cb88f24c561d122e1996fa88e47b4470aae167c8e08b127db0dc
                                                                                                          • Instruction ID: 75862ac3b31c7c7bcb6d96bdcbc255bf6da90f404e1783bf7656d9ed269fe52b
                                                                                                          • Opcode Fuzzy Hash: fbee23f3d099cb88f24c561d122e1996fa88e47b4470aae167c8e08b127db0dc
                                                                                                          • Instruction Fuzzy Hash: 23317075E40619BFEB109FA98D84AAFB7F8FB49351F114126BD08F7180D6749E008BA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000100,00000000,00000100,00000000,00000000,000000B8,00000100,00000000,000002C0,00000100,00000000), ref: 0007E12F
                                                                                                          • GetLastError.KERNEL32(00000100,00000000,00000100,00000000,00000000,000000B8,00000100,00000000,000002C0,00000100,00000000), ref: 0007E13A
                                                                                                          • GlobalAlloc.KERNEL32(00000000,00000000,00000100,00000000,00000100,00000000,00000000,000000B8,00000100,00000000,000002C0,00000100,00000000), ref: 0007E169
                                                                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 0007E18A
                                                                                                          • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 0007E193
                                                                                                          • VerQueryValueW.VERSION(00000000,0009E388,?,?,?,?,00000000,00000000), ref: 0007E1C1
                                                                                                          • GetLastError.KERNEL32(00000000,0009E388,?,?,?,?,00000000,00000000), ref: 0007E1CA
                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0007E208
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$FileGlobalInfoVersion$AllocFreeQuerySizeValue
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 2342464106-2967768451
                                                                                                          • Opcode ID: 25ea4cae70d309560b29d9be18a653500fa059ad4483638cb564085ffa17aecf
                                                                                                          • Instruction ID: 6c38d000853aa7ede09c4f15e19eec87365e18de095033ed8bbcceaaf0592837
                                                                                                          • Opcode Fuzzy Hash: 25ea4cae70d309560b29d9be18a653500fa059ad4483638cb564085ffa17aecf
                                                                                                          • Instruction Fuzzy Hash: F721E375D41665ABE711AAA5CC05EAFBBA8FF88360F0081A1FC04E7240DB38CD0096E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00058C35
                                                                                                          • _memset.LIBCMT ref: 00058C41
                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_000167B0,?,00000000,00000000), ref: 00058CC1
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00058CCD
                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,?,000581C5,?,00000000,?,?,?,?,00000000), ref: 00058D4E
                                                                                                          Strings
                                                                                                          • elevation.cpp, xrefs: 00058CF1
                                                                                                          • Failed to pump messages in child process., xrefs: 00058D25
                                                                                                          • Failed to create elevated cache thread., xrefs: 00058CFB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset$CloseCreateErrorHandleLastThread
                                                                                                          • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
                                                                                                          • API String ID: 3765773613-4134175193
                                                                                                          • Opcode ID: b17629be34d21da8e0f0a1a8df12064d000d7d6b83570d7675e1c3d3eb1978e3
                                                                                                          • Instruction ID: 5e9d32f639714726fbc7f6c0321cc52fe6e233a8ffbe890352138850be63eec3
                                                                                                          • Opcode Fuzzy Hash: b17629be34d21da8e0f0a1a8df12064d000d7d6b83570d7675e1c3d3eb1978e3
                                                                                                          • Instruction Fuzzy Hash: 7541E8B5D41219AFDB00DFA9D8859EEBBF8FF48350F50412AFD18E7241E77499018BA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ReadFile.KERNELBASE(00000000,?,00000008,?,00000000,?,00000000,00000000,?,00000000), ref: 00050A1C
                                                                                                          • GetLastError.KERNEL32 ref: 00050A29
                                                                                                          • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,00000000), ref: 00050ACA
                                                                                                          • GetLastError.KERNEL32 ref: 00050AD4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastRead
                                                                                                          • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                                                          • API String ID: 1948546556-3912962418
                                                                                                          • Opcode ID: 34577226979c44f1ac81320f07067df84a9ff24870b36800a3a8b26fcd5ff953
                                                                                                          • Instruction ID: 5d448676ab5c69940faabe5486d3e92b92a583f86187c35b1bf2ea71e87f9048
                                                                                                          • Opcode Fuzzy Hash: 34577226979c44f1ac81320f07067df84a9ff24870b36800a3a8b26fcd5ff953
                                                                                                          • Instruction Fuzzy Hash: 0131F432E40729BBEB20AE65CC49BAFB7A8FB04756F108126FD44E6181E7749D04C7E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 000787A7
                                                                                                          • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000512D9,?,?,?,?,00000000,00000000), ref: 000787FE
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00078808
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00078851
                                                                                                          • CloseHandle.KERNEL32(000512D9,?,?,?,?,00000000,00000000,00000000), ref: 0007885E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$CreateErrorLastProcess_memset
                                                                                                          • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                          • API String ID: 1393943095-2732225242
                                                                                                          • Opcode ID: bec75a25a7f72311ba3dc2a471a57141986acf496d52cc57a89b13a4d7993f54
                                                                                                          • Instruction ID: ac3e5f57c7fdaa3f04229262a0bad4ad5fa67ea7875aee933cbf93a58925aff4
                                                                                                          • Opcode Fuzzy Hash: bec75a25a7f72311ba3dc2a471a57141986acf496d52cc57a89b13a4d7993f54
                                                                                                          • Instruction Fuzzy Hash: 9B214D72D40219EFDB50DFE4CD449EEBBB9FF44351F10412AEA08B6251DB745E009BA6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • TlsSetValue.KERNEL32(?,?), ref: 000567C7
                                                                                                          • GetLastError.KERNEL32 ref: 000567D1
                                                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 00056810
                                                                                                          • CoUninitialize.OLE32(?,00058121,?,?), ref: 0005684D
                                                                                                          Strings
                                                                                                          • elevation.cpp, xrefs: 000567F5
                                                                                                          • Failed to pump messages in child process., xrefs: 0005683B
                                                                                                          • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 000567FF
                                                                                                          • Failed to initialize COM., xrefs: 0005681C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorInitializeLastUninitializeValue
                                                                                                          • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                          • API String ID: 876858697-113251691
                                                                                                          • Opcode ID: 8b518d93c121d5c9acd844f47ca829f4a0bf071278ecc6df13ce23f2faa7c543
                                                                                                          • Instruction ID: a53593147e38995c76ae06ebdf67bb1a730a6f5bad859b3edfde0dc6ea81fcfd
                                                                                                          • Opcode Fuzzy Hash: 8b518d93c121d5c9acd844f47ca829f4a0bf071278ecc6df13ce23f2faa7c543
                                                                                                          • Instruction Fuzzy Hash: 3D112332A41A25BBEB212B549C099AFBF98EF057627414226FD04A7111DF669C0083E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,?), ref: 00051273
                                                                                                            • Part of subcall function 000784DB: GetModuleFileNameW.KERNEL32(00047A22,?,00000104,?,00000104,?,00000000,?,?,00047A22,?,00000000,?,?,?,?), ref: 000784FC
                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,00000000,00000000), ref: 000512F8
                                                                                                            • Part of subcall function 00078792: _memset.LIBCMT ref: 000787A7
                                                                                                            • Part of subcall function 00078792: CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000512D9,?,?,?,?,00000000,00000000), ref: 000787FE
                                                                                                            • Part of subcall function 00078792: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00078808
                                                                                                            • Part of subcall function 00078792: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00078851
                                                                                                            • Part of subcall function 00078792: CloseHandle.KERNEL32(000512D9,?,?,?,?,00000000,00000000,00000000), ref: 0007885E
                                                                                                          Strings
                                                                                                          • -%ls %ls %ls %u %ls, xrefs: 000512A4
                                                                                                          • Failed to allocate parameters for unelevated process., xrefs: 000512B8
                                                                                                          • burn.unelevated, xrefs: 0005129F
                                                                                                          • Failed to get current process path., xrefs: 0005128B
                                                                                                          • Failed to launch parent process with unelevate disabled: %ls, xrefs: 000512E2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$Process$CreateCurrentErrorFileLastModuleName_memset
                                                                                                          • String ID: -%ls %ls %ls %u %ls$Failed to allocate parameters for unelevated process.$Failed to get current process path.$Failed to launch parent process with unelevate disabled: %ls$burn.unelevated
                                                                                                          • API String ID: 1951228193-2884383172
                                                                                                          • Opcode ID: 7103853a67751b1c987e0788620b07afe5fcb7e892edce0c61240bfc13eab585
                                                                                                          • Instruction ID: e3fb7bcdc3e77c7140eb8676f056d691ef162c538fc1e7b97ea5773045d8c01d
                                                                                                          • Opcode Fuzzy Hash: 7103853a67751b1c987e0788620b07afe5fcb7e892edce0c61240bfc13eab585
                                                                                                          • Instruction Fuzzy Hash: CD216D72D4021DFBCF11AFD0CD419DEBBB9BF04312F1081A6FE04A6112DA758E259B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CoInitialize.OLE32(00000000), ref: 0007CC25
                                                                                                          • InterlockedIncrement.KERNEL32(000A4280), ref: 0007CC42
                                                                                                          • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,000A4270), ref: 0007CC5D
                                                                                                          • CLSIDFromProgID.OLE32(MSXML.DOMDocument,000A4270), ref: 0007CC69
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                          • String ID: MSXML.DOMDocument$Msxml2.DOMDocument$pB
                                                                                                          • API String ID: 2109125048-162748805
                                                                                                          • Opcode ID: 50f09a9078e3b33db08942d71bdccbbf79a18040092fdee1946cfc05cba517b4
                                                                                                          • Instruction ID: 054da2d32288c569d594ef74a87d6d371d753dd087e25bb8a2c1bb5baedf5122
                                                                                                          • Opcode Fuzzy Hash: 50f09a9078e3b33db08942d71bdccbbf79a18040092fdee1946cfc05cba517b4
                                                                                                          • Instruction Fuzzy Hash: 30F02034B0026092F7A213A1AD08F0B2F98E7C3F52F108019F98CD5020C3AC88818BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • OpenProcessToken.ADVAPI32(?,00000008,00000000,?,76EEC3F0), ref: 000786EF
                                                                                                          • GetLastError.KERNEL32 ref: 000786F9
                                                                                                          • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,?), ref: 0007872B
                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00078782
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                                                          • String ID: procutil.cpp
                                                                                                          • API String ID: 2387526074-1178289305
                                                                                                          • Opcode ID: df198faa9fef0a3ed0b50be271ac4e3da133bfedca0365a5d45a524c042a17fa
                                                                                                          • Instruction ID: 33a38accfbb46be27857681540385214d64c3dd39b1f873dc61d56b305679e3b
                                                                                                          • Opcode Fuzzy Hash: df198faa9fef0a3ed0b50be271ac4e3da133bfedca0365a5d45a524c042a17fa
                                                                                                          • Instruction Fuzzy Hash: BC218471E80614EBEB209BA58C49B9EBBE8FF54711F21C166ED0AE7150DA348D00DBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • DefWindowProcW.USER32(?,00000082,?,?), ref: 0005A2CE
                                                                                                          • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0005A2DD
                                                                                                          • SetWindowLongW.USER32(?,000000EB,?), ref: 0005A2F1
                                                                                                          • DefWindowProcW.USER32(?,?,?,?), ref: 0005A301
                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0005A31B
                                                                                                          • PostQuitMessage.USER32(00000000), ref: 0005A378
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                          • String ID:
                                                                                                          • API String ID: 3812958022-0
                                                                                                          • Opcode ID: d385e094321e4a8b7c892775f7b5e794b228566a01b6618a5c1bbb20f2499e62
                                                                                                          • Instruction ID: efd0b78d6b8dcbd6d5b9df29ccadcc05c2e7b80400a185ec2cb848f48af25913
                                                                                                          • Opcode Fuzzy Hash: d385e094321e4a8b7c892775f7b5e794b228566a01b6618a5c1bbb20f2499e62
                                                                                                          • Instruction Fuzzy Hash: 8321BA72204209BFEB119F64DC09EBF3BA9FF4A356F104224F9499A1A1C7719E20DB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 0005C1FD
                                                                                                          • GetLastError.KERNEL32(?,?,?), ref: 0005C207
                                                                                                          Strings
                                                                                                          • cabextract.cpp, xrefs: 0005C22B
                                                                                                          • Failed to move file pointer 0x%x bytes., xrefs: 0005C238
                                                                                                          • Invalid seek type., xrefs: 0005C193
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                          • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                          • API String ID: 2976181284-417918914
                                                                                                          • Opcode ID: c55c31b9a47177ab82bde1c5442aaf52b79d9e433ec1206b72b4e9aa851e2a9c
                                                                                                          • Instruction ID: bbf45aef5c13706a7dfde712b4e91f5c98fb2776393d3b07cb02aadb4226bd89
                                                                                                          • Opcode Fuzzy Hash: c55c31b9a47177ab82bde1c5442aaf52b79d9e433ec1206b72b4e9aa851e2a9c
                                                                                                          • Instruction Fuzzy Hash: 6031A171A40A19AFEF14CFA8CC81DAAB7A9FF08311B008215FD18D7251D774AD148B94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 00079AEA
                                                                                                          • GetLastError.KERNEL32(?,00041680,00000001,00000000,?), ref: 00079AF9
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressErrorLastProc
                                                                                                          • String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                                                          • API String ID: 199729137-398595594
                                                                                                          • Opcode ID: cc0bdb5d39b95b5c0e09376db08462e085cd10a81642a79506f53a5e13297e59
                                                                                                          • Instruction ID: 784e399e385140f4170e010e933cda4a52e5da9facc131cc7ce6e90bbe6dd94c
                                                                                                          • Opcode Fuzzy Hash: cc0bdb5d39b95b5c0e09376db08462e085cd10a81642a79506f53a5e13297e59
                                                                                                          • Instruction Fuzzy Hash: 5DF04932E80E7293EB216264BD0579675D0EB04791F018021FD08AA261D7ED8C0093DD
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNELBASE(0000007F,00001000,00000100,000000FF,?,000000FF,00000000,00000000,00000000,?,?,?,000427EC,00000000,00000100,00000000), ref: 0004214B
                                                                                                          • GetLastError.KERNEL32(?,?,?,000427EC,00000000,00000100,00000000,00000000,00000000,?,?,00043D08,00000000,00000100,00000000), ref: 00042174
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareErrorLastString
                                                                                                          • String ID: Failed to compare strings.$variable.cpp
                                                                                                          • API String ID: 1733990998-1686915864
                                                                                                          • Opcode ID: a00a119056f0cc273cc5b62b0b6c3cd55c1af9c0a595fef10803b1a50f18fc21
                                                                                                          • Instruction ID: f5ed960a1eba1c466f64205f698e2eb0a0e7d87b3f166983f926c8ffc9b6b7a7
                                                                                                          • Opcode Fuzzy Hash: a00a119056f0cc273cc5b62b0b6c3cd55c1af9c0a595fef10803b1a50f18fc21
                                                                                                          • Instruction Fuzzy Hash: AD210872754614ABDB148F58CC40A5ABBE4FF597A0F610329FA15EB2E0DA31AD0187A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to open attached container., xrefs: 000489CA
                                                                                                          • Failed to get container information for UX container., xrefs: 00048995
                                                                                                          • Failed to get path for executing module., xrefs: 000489AC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to get container information for UX container.$Failed to get path for executing module.$Failed to open attached container.
                                                                                                          • API String ID: 2102423945-4200699271
                                                                                                          • Opcode ID: e7904e81825629561c787fb592d45e05677798ec350f213e709ae22d79fb5873
                                                                                                          • Instruction ID: 3793840f1e9c75af72ba8b9aa7581e749f92e098e5b72f20fb2fb4c46560a8e0
                                                                                                          • Opcode Fuzzy Hash: e7904e81825629561c787fb592d45e05677798ec350f213e709ae22d79fb5873
                                                                                                          • Instruction Fuzzy Hash: AD117FB2D0451DBB9B12EED4D846CFFBBBCEF00710B14817BF905A6201EA71AE059795
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0005CAA6: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0005C0F4,?,?,?), ref: 0005CACE
                                                                                                            • Part of subcall function 0005CAA6: GetLastError.KERNEL32(?,0005C0F4,?,?,?), ref: 0005CAD8
                                                                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 0005C102
                                                                                                          • GetLastError.KERNEL32 ref: 0005C10C
                                                                                                          Strings
                                                                                                          • cabextract.cpp, xrefs: 0005C130
                                                                                                          • Failed to read during cabinet extraction., xrefs: 0005C13A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLast$PointerRead
                                                                                                          • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                          • API String ID: 2170121939-2426083571
                                                                                                          • Opcode ID: 72ed11c7c6f5df4c0d22e2bf940c81a270a9d5a9fd3ec923ee9cc88313833884
                                                                                                          • Instruction ID: 6898dcb7299e5967252708e4b5b8ab8c4801fced994bf896a72e165eea2e3e82
                                                                                                          • Opcode Fuzzy Hash: 72ed11c7c6f5df4c0d22e2bf940c81a270a9d5a9fd3ec923ee9cc88313833884
                                                                                                          • Instruction Fuzzy Hash: 1001C432A40629BFDB219FA8DC05E9B7BA8FF09761F014129FE08D7150D7359A11DBD4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0005C0F4,?,?,?), ref: 0005CACE
                                                                                                          • GetLastError.KERNEL32(?,0005C0F4,?,?,?), ref: 0005CAD8
                                                                                                          Strings
                                                                                                          • Failed to move to virtual file pointer., xrefs: 0005CB06
                                                                                                          • cabextract.cpp, xrefs: 0005CAFC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                          • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                          • API String ID: 2976181284-3005670968
                                                                                                          • Opcode ID: eac3cece48978a42451a1f004a2c070539928eaecf65108847ec26be5e84143f
                                                                                                          • Instruction ID: 21974695499706237cadcdc93b4717396310d9d3a48a72e8f286f31150a85946
                                                                                                          • Opcode Fuzzy Hash: eac3cece48978a42451a1f004a2c070539928eaecf65108847ec26be5e84143f
                                                                                                          • Instruction Fuzzy Hash: 5B01F232600725BFEB211A668C09E87BF98FF007A1B00C126FD1C9A111DB269C20DBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 000764B4
                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 000764C9
                                                                                                          • LoadLibraryW.KERNELBASE(?,?,00000104,00000000), ref: 0007651C
                                                                                                          • GetLastError.KERNEL32 ref: 00076528
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DirectoryErrorLastLibraryLoadSystem_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 1376650706-0
                                                                                                          • Opcode ID: f00340efedbc9954901e09da698855dcabf42496cf450b788908778f42845ed8
                                                                                                          • Instruction ID: 5520588fe4f60684c1876b36ef807fd267b2d605f1dfba1903bc7d6b6e46e367
                                                                                                          • Opcode Fuzzy Hash: f00340efedbc9954901e09da698855dcabf42496cf450b788908778f42845ed8
                                                                                                          • Instruction Fuzzy Hash: 34210AB2D01B2967DB209B649C59FDB77ADEF00710F048161BD1AE7142EA39DD448BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00077AE2,00000000,?,00079D35,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00079C7C), ref: 00077954
                                                                                                          • RtlFreeHeap.NTDLL(00000000,?,00077AE2,00000000,?,00079D35,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00079C7C,?,00000100), ref: 0007795B
                                                                                                          • GetLastError.KERNEL32(?,00077AE2,00000000,?,00079D35,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00079C7C,?,00000100,?), ref: 00077965
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Heap$ErrorFreeLastProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 406640338-0
                                                                                                          • Opcode ID: 4a5dc978327eb5c456108286d691d7b912f3acdf95b2cbabbfce5c6cefeef317
                                                                                                          • Instruction ID: 05dc72ccb152381598ee92697de972c2ce58567e7d6b84af7de32c56e2457678
                                                                                                          • Opcode Fuzzy Hash: 4a5dc978327eb5c456108286d691d7b912f3acdf95b2cbabbfce5c6cefeef317
                                                                                                          • Instruction Fuzzy Hash: 69D01276A40A3457D7102BF65C0CA9BBE9CFF056E2B014121FE49D6110DA29891097F4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Open
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 71445658-955085611
                                                                                                          • Opcode ID: 23c8e519d8f27f3cf4f154cd404b3f41346ded0385f349263f0f0159e1ceea6d
                                                                                                          • Instruction ID: de038bb9dedb37e385a7b8f0a32e5702b0906b20efac3aed14c065ebad03de48
                                                                                                          • Opcode Fuzzy Hash: 23c8e519d8f27f3cf4f154cd404b3f41346ded0385f349263f0f0159e1ceea6d
                                                                                                          • Instruction Fuzzy Hash: 24F02732B41235BBEF3449569C04BAB3EC2EF547A0F00C025FE0EDA190D22ACC10A3D8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 0007CCA9
                                                                                                            • Part of subcall function 0007C6FF: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000), ref: 0007C719
                                                                                                            • Part of subcall function 0007C6FF: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0007CDDB,00000000,?), ref: 0007C725
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHandleInitLastModuleVariant
                                                                                                          • String ID:
                                                                                                          • API String ID: 52713655-0
                                                                                                          • Opcode ID: b8e351f53e47e609d07123c71fb0a292748b3a07add776edaad8d60dd3bd0317
                                                                                                          • Instruction ID: b70f08166f92cd27894a68e26b63bf89039057295e05adffe6f98969cdfb2da2
                                                                                                          • Opcode Fuzzy Hash: b8e351f53e47e609d07123c71fb0a292748b3a07add776edaad8d60dd3bd0317
                                                                                                          • Instruction Fuzzy Hash: 0A310B72E006299BDB11DFA8C884ADEFBF8EF48710F01856AED15FB311D6759D048BA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,000A3290,00000000,00000000,00E295B0,?,00054563,WiX\Burn,PackageCache,00000000,000A3290,00000000,00000000,00000000), ref: 0007F56D
                                                                                                            • Part of subcall function 00078ED3: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00078F49
                                                                                                            • Part of subcall function 00078ED3: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00078F84
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue$Close
                                                                                                          • String ID:
                                                                                                          • API String ID: 1979452859-0
                                                                                                          • Opcode ID: cbf005a3055f90f372a0fa3a855444a444175a559b05024bf63e7a50e3efc104
                                                                                                          • Instruction ID: 006e8210e069a0fb71937e6ce646397aece5b07411c212de79b744257a0ada72
                                                                                                          • Opcode Fuzzy Hash: cbf005a3055f90f372a0fa3a855444a444175a559b05024bf63e7a50e3efc104
                                                                                                          • Instruction Fuzzy Hash: AA11E376C0052BEBCF21AEA4C8455BEB7A8DB04720B14C139EE2967111C2391E50D7D9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 0004107C
                                                                                                            • Part of subcall function 00041BFB: _memset.LIBCMT ref: 00041C59
                                                                                                            • Part of subcall function 00041BFB: _memset.LIBCMT ref: 00041C79
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset$HeapInformation
                                                                                                          • String ID:
                                                                                                          • API String ID: 4110859151-0
                                                                                                          • Opcode ID: d575d3021583379712462cbf31bce2435e4ad32f0a7513fe1e2217c2d8da4b81
                                                                                                          • Instruction ID: 57ae06fe770e1cbdbba79fcc0fa929210f947559b37626d4d318d4a0eb3b6b51
                                                                                                          • Opcode Fuzzy Hash: d575d3021583379712462cbf31bce2435e4ad32f0a7513fe1e2217c2d8da4b81
                                                                                                          • Instruction Fuzzy Hash: 18E01A3160112CBBDF24DE95DD45EEF7FADEF05760F000059F80992150D6729E21A7E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,0005461C,0000001C,00000000,00000000,00000000,00000000), ref: 000785E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FolderPath
                                                                                                          • String ID:
                                                                                                          • API String ID: 1514166925-0
                                                                                                          • Opcode ID: d6b6648b4cf595b606beafe8aa9fd4befb3f9290e0a30be8785992c7a4e6d766
                                                                                                          • Instruction ID: d5d4f30e1630738bb580ee5d2e7457e1a1a3715e730c60af4edadb1fe6b62fb7
                                                                                                          • Opcode Fuzzy Hash: d6b6648b4cf595b606beafe8aa9fd4befb3f9290e0a30be8785992c7a4e6d766
                                                                                                          • Instruction Fuzzy Hash: 13E01276741A297BE6012AA19C05DEB7B5CEF157A0B00C411BF48D6002DB79D65057FE
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • FindCloseChangeNotification.KERNELBASE(000000FF,?,?), ref: 0005BF44
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ChangeCloseFindNotification
                                                                                                          • String ID:
                                                                                                          • API String ID: 2591292051-0
                                                                                                          • Opcode ID: ba5fb2b1a2cff9fd3d876a1ee21de18c620e65fcd0d8517f6db424979bca9c31
                                                                                                          • Instruction ID: 39cebc28583c31ff98fd651658b5bbbd91b02de0c31b68210e5c7a66f855e3ab
                                                                                                          • Opcode Fuzzy Hash: ba5fb2b1a2cff9fd3d876a1ee21de18c620e65fcd0d8517f6db424979bca9c31
                                                                                                          • Instruction Fuzzy Hash: AFF015311106049FDB109F68CC48B567BE4BB05776F068264E9598A2A2D734E914CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • lstrlenW.KERNEL32(?,?,00000000,00000000,?,0007ABF9,?,?,?,00000001,?,0005B8DB,?,?,00000000), ref: 00079DA5
                                                                                                            • Part of subcall function 00077AFF: GetProcessHeap.KERNEL32(00000000,?,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B07
                                                                                                            • Part of subcall function 00077AFF: HeapSize.KERNEL32(00000000,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B0E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Heap$ProcessSizelstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 3492610842-0
                                                                                                          • Opcode ID: 700d7c9402b803d41d3cce3490158a174b41e38ee01f0a5e9c044a74890e6158
                                                                                                          • Instruction ID: 9593cc0d56bd32c4dc54cb172450b537520b6df8c9424ed89d7383de2f6752e9
                                                                                                          • Opcode Fuzzy Hash: 700d7c9402b803d41d3cce3490158a174b41e38ee01f0a5e9c044a74890e6158
                                                                                                          • Instruction Fuzzy Hash: F6012832A402247BCF312E24CC45FDA769AEF45770F20C325FD2D9B191D669AC1087A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CommandLineToArgvW.SHELL32(0004230A,00041FEE,0004230A,0004230A,00000000,0004230A,ignored ,00000000,00041E2E,00000000,00000000,0004222E,00041F6E,0004230A,00041FEE,?), ref: 00051E22
                                                                                                          • GetLastError.KERNEL32 ref: 00051E31
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,000422C8,000000FF,0008F254,000000FF,00041E2E,00000000,00000000,0004222E,00041F6E), ref: 00051EA9
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,log,000000FF), ref: 00051ECC
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0008F298,000000FF), ref: 00051EEF
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0008F29C,000000FF), ref: 00051F12
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,help,000000FF), ref: 00051F35
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0008F2AC,000000FF), ref: 00051F58
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,quiet,000000FF), ref: 00051F7B
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0008F2BC,000000FF), ref: 00051F9E
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,silent,000000FF), ref: 00051FC1
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,passive,000000FF), ref: 00051FE4
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,norestart,000000FF), ref: 0005201F
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,forcerestart,000000FF), ref: 0005204D
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,promptrestart,000000FF), ref: 0005207B
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,layout,000000FF), ref: 000520A9
                                                                                                          • lstrlenW.KERNEL32(-00000002), ref: 000526ED
                                                                                                          • lstrlenW.KERNEL32(burn.), ref: 000526FA
                                                                                                          • lstrlenW.KERNEL32(burn.), ref: 0005270F
                                                                                                          • lstrlenW.KERNEL32(burn.,burn.,00000000), ref: 00052719
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 0005272A
                                                                                                          • LocalFree.KERNEL32(00041F6E,00041E2E,00000000,00000000,0004222E,00041F6E,0004230A,00041FEE,?,00000000,00000000), ref: 00052946
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareString$lstrlen$ArgvCommandErrorFreeLastLineLocal
                                                                                                          • String ID: -$Failed to allocate the list of ancestors.$Failed to allocate the list of dependencies to ignore.$Failed to copy append log file path.$Failed to copy command line.$Failed to copy last used source.$Failed to copy log file path.$Failed to copy parent.$Failed to copy path for layout directory.$Failed to get command line.$Failed to initialize command line.$Failed to initialize parent to none.$Failed to parse elevated connection.$Failed to parse embedded connection.$Failed to parse unelevated connection.$Missing required parameter for switch: %ls$Must specify a path for append log.$Must specify a path for log.$Must specify a path for original source.$Must specify a value for parent.$Must specify the elevated name, token and parent process id.$Must specify the embedded name, token and parent process id.$Must specify the unelevated name, token and parent process id.$burn.$burn.ancestors$burn.disable.unelevate$burn.elevated$burn.embedded$burn.ignoredependencies$burn.log.append$burn.passthrough$burn.related.addon$burn.related.detect$burn.related.patch$burn.related.update$burn.related.upgrade$burn.runonce$burn.unelevated$core.cpp$disablesystemrestore$forcerestart$help$ignored $keepaupaused$layout$log$modify$noaupause$norestart$originalsource$package$parent$parent:none$passive$promptrestart$quiet$repair$silent$uninstall$update
                                                                                                          • API String ID: 1440157973-298147234
                                                                                                          • Opcode ID: 33379e82f1e116b3a82f6f3846c6d7e7dbab5ba2196ff6011bcdb95273b496c2
                                                                                                          • Instruction ID: 222f547e78a1622e00e711dc196b0759778d32aa2b68f0118c97d89e05600033
                                                                                                          • Opcode Fuzzy Hash: 33379e82f1e116b3a82f6f3846c6d7e7dbab5ba2196ff6011bcdb95273b496c2
                                                                                                          • Instruction Fuzzy Hash: 5662E031644605BBDB219F58CC86F7B36A6FF16732F604310FAA5AE2E1D6B4AD40CB10
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysFreeString.OLEAUT32(?), ref: 000477DA
                                                                                                            • Part of subcall function 0007C9A2: VariantInit.OLEAUT32(?), ref: 0007C9B8
                                                                                                            • Part of subcall function 0007C9A2: SysAllocString.OLEAUT32(?), ref: 0007C9D4
                                                                                                            • Part of subcall function 0007C9A2: VariantClear.OLEAUT32(?), ref: 0007CA5B
                                                                                                            • Part of subcall function 0007C9A2: SysFreeString.OLEAUT32(00000000), ref: 0007CA66
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,000865C8,000000FF,DirectorySearch,000000FF,000865C8,Condition,?,000865C8,Variable,?,000865C8,000865C8,?,?), ref: 000470E7
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,?), ref: 0004713C
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 00047158
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 0004717C
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,?), ref: 000471CF
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 000471E9
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 00047211
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 0004724F
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 0004726E
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,?,?,Type,?,?,Value,?,?), ref: 0004734B
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 00047365
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,?), ref: 000473C4
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 000473E6
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00047406
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,MsiComponentSearch,000000FF), ref: 0004742C
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,keyPath,000000FF,?,Type,?,?,ComponentId,?,?,ProductCode,?), ref: 000474A8
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,state,000000FF), ref: 000474C2
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 000474DE
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,MsiProductSearch,000000FF), ref: 00047504
                                                                                                          • SysFreeString.OLEAUT32(?), ref: 000476BC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$Compare$Free$Variant$AllocClearInit
                                                                                                          • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$directory$exists$keyPath$language$numeric$path$search.cpp$state$string$value$version
                                                                                                          • API String ID: 4257278641-206066974
                                                                                                          • Opcode ID: 3dcb5c941b6c3d2dcde792e47b2ea24eec7437f100b7b09e18374c47702792fa
                                                                                                          • Instruction ID: c76f0d7578315009d21848bd6b4dabc9b2c7779fe723168ba25301cc728e66d3
                                                                                                          • Opcode Fuzzy Hash: 3dcb5c941b6c3d2dcde792e47b2ea24eec7437f100b7b09e18374c47702792fa
                                                                                                          • Instruction Fuzzy Hash: F222F6B0D4C626BADB206A648D46EAE7A65BF04730F314370FA7CBA2D1C7719D40D798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0007E697
                                                                                                          • _memset.LIBCMT ref: 0007E6A5
                                                                                                          • GetFileAttributesW.KERNEL32(?,?,?,?,00000000,?), ref: 0007E6AE
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E6C1
                                                                                                          • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000000,?), ref: 0007E70D
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E717
                                                                                                          • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000000,?), ref: 0007E764
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E76E
                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,?,?,00000000,?), ref: 0007E7BC
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E7CF
                                                                                                          • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000000,?), ref: 0007E8A9
                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00000000,?), ref: 0007E8BD
                                                                                                          • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000000,?), ref: 0007E8E8
                                                                                                          • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000000,?), ref: 0007E90B
                                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000000,?), ref: 0007E924
                                                                                                          • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,?), ref: 0007E92E
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E93C
                                                                                                          • RemoveDirectoryW.KERNEL32(?,?,?,?,00000000,?), ref: 0007E950
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E95E
                                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000000,?), ref: 0007E984
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E9AD
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E9CF
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E9F1
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007EA13
                                                                                                          • FindClose.KERNEL32(000000FF,?,?,?,00000000,?), ref: 0007EA49
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLast$AttributesFindMove$Temp_memset$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                          • String ID: *.*$DEL$dirutil.cpp
                                                                                                          • API String ID: 4152325254-1252831301
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to get cached path for MSP package: %ls, xrefs: 000613F4
                                                                                                          • PATCH=", xrefs: 00061537
                                                                                                          • Failed to semi-colon delimit patches., xrefs: 00061404
                                                                                                          • Failed to add the list of dependencies to ignore to the properties., xrefs: 00061606
                                                                                                          • Failed to install MSP package., xrefs: 000615B9
                                                                                                          • Failed to enable logging for package: %ls to: %ls, xrefs: 00061474
                                                                                                          • IGNOREDEPENDENCIES, xrefs: 000615E1
                                                                                                          • WixBundleExecutePackageCacheFolder, xrefs: 00061350, 000616D9
                                                                                                          • Failed to add properties to argument string., xrefs: 000614B1
                                                                                                          • Failed to uninstall MSP package., xrefs: 0006162E
                                                                                                          • Failed to add properties to obfuscated argument string., xrefs: 000614E2
                                                                                                          • Failed to add reboot suppression property on install., xrefs: 0006158D
                                                                                                          • Failed to add patches to PATCH property on install., xrefs: 0006156B
                                                                                                          • Failed to build MSP path., xrefs: 000613E0
                                                                                                          • Failed to initialize external UI handler., xrefs: 0006143E
                                                                                                          • Failed to add reboot suppression property on uninstall., xrefs: 000615DA
                                                                                                          • Failed to add PATCH property on install., xrefs: 00061548
                                                                                                          • Failed to append patch., xrefs: 00061445
                                                                                                          • " REBOOT=ReallySuppress, xrefs: 00061576
                                                                                                          • REBOOT=ReallySuppress, xrefs: 000615C9
                                                                                                          • %ls %ls=ALL, xrefs: 000615F2
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: PATCH="$ REBOOT=ReallySuppress$" REBOOT=ReallySuppress$%ls %ls=ALL$Failed to add PATCH property on install.$Failed to add patches to PATCH property on install.$Failed to add properties to argument string.$Failed to add properties to obfuscated argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add the list of dependencies to ignore to the properties.$Failed to append patch.$Failed to build MSP path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for MSP package: %ls$Failed to initialize external UI handler.$Failed to install MSP package.$Failed to semi-colon delimit patches.$Failed to uninstall MSP package.$IGNOREDEPENDENCIES$WixBundleExecutePackageCacheFolder
                                                                                                          • API String ID: 2102423945-526026953
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetStringTypeW.KERNEL32(00000001,EB000876,00000001,?,00046039,000002C0,00000100,00000000), ref: 000456E9
                                                                                                          Strings
                                                                                                          • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 0004579F
                                                                                                          • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 00045938
                                                                                                          • -, xrefs: 0004581A
                                                                                                          • @, xrefs: 000456EF
                                                                                                          • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 00045AE8
                                                                                                          • Failed to set symbol value., xrefs: 00045A1F
                                                                                                          • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 00045AA5
                                                                                                          • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 00045B22
                                                                                                          • condition.cpp, xrefs: 0004578C, 0004584F, 000458CA, 00045925, 00045A92, 00045AD5, 00045B0F
                                                                                                          • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 000458DD
                                                                                                          • AND, xrefs: 000459B9
                                                                                                          • NOT, xrefs: 000459D9
                                                                                                          • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 00045862
                                                                                                          Similarity
                                                                                                          • API ID: StringType
                                                                                                          • String ID: -$@$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                          • API String ID: 4177115715-3640792234
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 00067456
                                                                                                          • -%ls, xrefs: 000673E4
                                                                                                          • Failed to copy local source path for pseudo bundle., xrefs: 000674D3
                                                                                                          • Failed to copy version for pseudo bundle., xrefs: 000677A0
                                                                                                          • Failed to copy install arguments for related bundle package, xrefs: 0006761C
                                                                                                          • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 000676DC
                                                                                                          • Failed to copy filename for pseudo bundle., xrefs: 000674AF
                                                                                                          • Failed to copy repair arguments for related bundle package, xrefs: 00067668
                                                                                                          • Failed to append relation type to repair arguments for related bundle package, xrefs: 00067689
                                                                                                          • Failed to allocate memory for pseudo bundle payload hash., xrefs: 00067545
                                                                                                          • Failed to allocate memory for dependency providers., xrefs: 00067751
                                                                                                          • pseudobundle.cpp, xrefs: 00067411, 0006744A, 00067539, 00067745
                                                                                                          • Failed to copy key for pseudo bundle., xrefs: 000675DA
                                                                                                          • Failed to append relation type to install arguments for related bundle package, xrefs: 00067641
                                                                                                          • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 0006741D
                                                                                                          • Failed to copy download source for pseudo bundle., xrefs: 00067501
                                                                                                          • Failed to copy display name for pseudo bundle., xrefs: 000677C2
                                                                                                          • Failed to copy key for pseudo bundle payload., xrefs: 0006748B
                                                                                                          • Failed to copy cache id for pseudo bundle., xrefs: 000675F7
                                                                                                          • Failed to copy uninstall arguments for related bundle package, xrefs: 000676BB
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateProcess
                                                                                                          • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                                                          • API String ID: 1357844191-2832335422
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00054E07
                                                                                                          • CryptCATAdminCalcHashFromFileHandle.WINTRUST(?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00054E75
                                                                                                          • GetLastError.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00054E80
                                                                                                          • CryptCATAdminCalcHashFromFileHandle.WINTRUST(?,?,00000000,00000000,?,00000001), ref: 00054E9B
                                                                                                          • GetLastError.KERNEL32(?,?,00000000,00000000,?,00000001), ref: 00054EA4
                                                                                                          Similarity
                                                                                                          • API ID: AdminCalcCryptErrorFileFromHandleHashLast$_memset
                                                                                                          • String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                                                          • API String ID: 2305452438-4263581490
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32(00000020,?), ref: 00041271
                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00041278
                                                                                                          • GetLastError.KERNEL32 ref: 00041282
                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 000412D2
                                                                                                          • GetLastError.KERNEL32 ref: 000412DC
                                                                                                          • CloseHandle.KERNEL32(?), ref: 000413D6
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
                                                                                                          • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                          • API String ID: 4232854991-1583736410
                                                                                                          • Opcode ID: 10d25ab03310689349078649d3ff1670eb92a308ac6cec329f1acfba6daff87b
                                                                                                          • Instruction ID: 3192468484144f17248af97cde8241b644c89f9d86faf7e5541e96ad1ee0d0cd
                                                                                                          • Opcode Fuzzy Hash: 10d25ab03310689349078649d3ff1670eb92a308ac6cec329f1acfba6daff87b
                                                                                                          • Instruction Fuzzy Hash: B741C472A80B25AFF7106EB59C49BEF76E8FB04742F010135FE45FA191EA684D4087E8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00076AD7
                                                                                                          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000000,F0000040,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00076AF0
                                                                                                          • GetLastError.KERNEL32 ref: 00076AFA
                                                                                                          • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 00076B37
                                                                                                          • GetLastError.KERNEL32 ref: 00076B41
                                                                                                          • CryptDestroyHash.ADVAPI32(00000000), ref: 00076BF3
                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00076C0A
                                                                                                          • GetLastError.KERNEL32 ref: 00076C25
                                                                                                          • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 00076C5D
                                                                                                          • GetLastError.KERNEL32 ref: 00076C67
                                                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 00076CA0
                                                                                                          • GetLastError.KERNEL32 ref: 00076CAE
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CryptErrorLast$Hash$Context$AcquireCreateDestroyFileParamPointerRelease_memset
                                                                                                          • String ID: cryputil.cpp
                                                                                                          • API String ID: 3585916483-2185294990
                                                                                                          • Opcode ID: 83789060eb85cda3b4b9f86b81d1b884e4ddb7fef748b7fd39c290280b264132
                                                                                                          • Instruction ID: b0a591229ca67a03b2da65ec04317867e9bcb782344807f0bbe296d2cab0cb3f
                                                                                                          • Opcode Fuzzy Hash: 83789060eb85cda3b4b9f86b81d1b884e4ddb7fef748b7fd39c290280b264132
                                                                                                          • Instruction Fuzzy Hash: 8151B532E40664ABFB319B658D04BEB7AE8FF08742F014165FE4DE6150D7798D809BE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 00050FC2
                                                                                                          • GetLastError.KERNEL32(?,00000000,?), ref: 00050FCB
                                                                                                          • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?), ref: 0005106C
                                                                                                          • GetLastError.KERNEL32 ref: 00051079
                                                                                                          • CloseHandle.KERNEL32(00000000,pipe.cpp,0000013D,00000000), ref: 0005113F
                                                                                                          • LocalFree.KERNEL32(00000000), ref: 0005116D
                                                                                                          Strings
                                                                                                          • \\.\pipe\%ls, xrefs: 00051023
                                                                                                          • Failed to allocate full name of cache pipe: %ls, xrefs: 000510D6
                                                                                                          • Failed to allocate full name of pipe: %ls, xrefs: 00051039
                                                                                                          • Failed to create pipe: %ls, xrefs: 000510AA, 00051130
                                                                                                          • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 00050FBD
                                                                                                          • \\.\pipe\%ls.Cache, xrefs: 000510C0
                                                                                                          • pipe.cpp, xrefs: 00050FEF, 0005109D, 00051123
                                                                                                          • Failed to create the security descriptor for the connection event and pipe., xrefs: 00050FF9
                                                                                                          Similarity
                                                                                                          • API ID: DescriptorErrorLastSecurity$CloseConvertCreateFreeHandleLocalNamedPipeString
                                                                                                          • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                          • API String ID: 3065245045-3253666091
                                                                                                          • Opcode ID: 57fd02bb593288f17d7e7e1a786725515f16bba8f610399cf18bad7644131421
                                                                                                          • Instruction ID: 7e189c353579a5d57dd8085c95b7ff0b49c0db4198cfb44407bee9da61fe0050
                                                                                                          • Opcode Fuzzy Hash: 57fd02bb593288f17d7e7e1a786725515f16bba8f610399cf18bad7644131421
                                                                                                          • Instruction Fuzzy Hash: 9351E071E40614FBEB11AAA49C46BDEBBB4FF04721F110222FE04AA1D0D7B94E40CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • Failed to transfer working path to unverified path for payload: %ls., xrefs: 00055AF0
                                                                                                          • Failed to concat complete cached path., xrefs: 00055A40
                                                                                                          • copying, xrefs: 00055B78
                                                                                                          • Failed to reset permissions on unverified cached payload: %ls, xrefs: 00055B3D
                                                                                                          • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 00055B17
                                                                                                          • Failed to move verified file to complete payload path: %ls, xrefs: 00055BB9
                                                                                                          • Failed to create unverified path., xrefs: 00055ABA
                                                                                                          • Failed to get cached path for package with cache id: %ls, xrefs: 00055A14
                                                                                                          • moving, xrefs: 00055B7D, 00055B85
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                                                          • API String ID: 0-1289240508
                                                                                                          • Opcode ID: 18d9e892adfd923954003fa943c344c03c54b9f9299d7bdd4e530f1167381e90
                                                                                                          • Instruction ID: 3da9d8c2e9d1fc60e6b39bc97fce0b2a4efbd023c61aa62fa3841177276772a7
                                                                                                          • Opcode Fuzzy Hash: 18d9e892adfd923954003fa943c344c03c54b9f9299d7bdd4e530f1167381e90
                                                                                                          • Instruction Fuzzy Hash: 5F51B131D40519FBEF236B90CC56FEE7A76AF04702F204161FE0479162E7768E64AB86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(000A41BC,00000000,?), ref: 00076F1A
                                                                                                          • GetCurrentProcessId.KERNEL32(00000000), ref: 00076F2A
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00076F33
                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00076F49
                                                                                                          • LeaveCriticalSection.KERNEL32(000A41BC,?,00000000,00000000,0000FDE9), ref: 0007703C
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                          • String ID: $$$%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$(
                                                                                                          • API String ID: 296830338-3051742235
                                                                                                          • Opcode ID: 6fab6de302278bdcbfe6b05b046054dcba580cc726d6db8d54978daf5f052f15
                                                                                                          • Instruction ID: 3108373278f2482a820fc0a8a3d1dd34f6df0e021448c851b4bafd0cc80f8f38
                                                                                                          • Opcode Fuzzy Hash: 6fab6de302278bdcbfe6b05b046054dcba580cc726d6db8d54978daf5f052f15
                                                                                                          • Instruction Fuzzy Hash: 7F41AF76E00619EBDF208BE4DC44BBEB7F8AB49741F008025F909E6190E73D9D81DBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CryptHashPublicKeyInfo.CRYPT32(00000000,00008004,00000000,00000001,?,00000000,00000014), ref: 00054CDD
                                                                                                          • _memcmp.LIBCMT ref: 00054CFB
                                                                                                            • Part of subcall function 0007F372: CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 0007F387
                                                                                                            • Part of subcall function 0007F372: GetLastError.KERNEL32(?,?,00054D20,?,00000003,00000000,00000000), ref: 0007F391
                                                                                                          • _memcmp.LIBCMT ref: 00054D35
                                                                                                          • GetLastError.KERNEL32 ref: 00054DAB
                                                                                                          Strings
                                                                                                          • cache.cpp, xrefs: 00054DCF
                                                                                                          • Failed to find expected public key in certificate chain., xrefs: 00054D70
                                                                                                          • Failed to read certificate thumbprint., xrefs: 00054DA3
                                                                                                          • Failed to get certificate public key identifier., xrefs: 00054DD9
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast_memcmp$CertCertificateContextCryptHashInfoPropertyPublic
                                                                                                          • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                                                          • API String ID: 2634596274-3408201827
                                                                                                          • Opcode ID: 575c29bece3ad4e4585d4c0cbc9d589b85fcb02153cbe9df9607a4ef30978973
                                                                                                          • Instruction ID: 10130c88bba416978706545bbb6bcfbc78be072014c51e49fb81575c28b0bb7b
                                                                                                          • Opcode Fuzzy Hash: 575c29bece3ad4e4585d4c0cbc9d589b85fcb02153cbe9df9607a4ef30978973
                                                                                                          • Instruction Fuzzy Hash: 76417F71E00205ABDB50DFA9C881AEBB7F9FB08355F118169EE08EB251D635DC45CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 000556C6
                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,?,?,.unverified,?,?,?,?), ref: 0005573E
                                                                                                          • lstrlenW.KERNEL32(?,?,?,?), ref: 00055765
                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010,?,?,?), ref: 000557C5
                                                                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 000557D0
                                                                                                            • Part of subcall function 0007E632: _memset.LIBCMT ref: 0007E697
                                                                                                            • Part of subcall function 0007E632: _memset.LIBCMT ref: 0007E6A5
                                                                                                            • Part of subcall function 0007E632: GetFileAttributesW.KERNEL32(?,?,?,?,00000000,?), ref: 0007E6AE
                                                                                                            • Part of subcall function 0007E632: GetLastError.KERNEL32(?,?,?,00000000,?), ref: 0007E6C1
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileFind_memset$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                          • String ID: *.*$.unverified
                                                                                                          • API String ID: 2873512992-2528915496
                                                                                                          • Opcode ID: a316e67ff61791afc95fcdfc10348297d69b46dc9e5ebe1e58f86ad46b6b886f
                                                                                                          • Instruction ID: 8726bbaca515b85cb5501e653735d44afe04198794c1204445bfbe3dab760790
                                                                                                          • Opcode Fuzzy Hash: a316e67ff61791afc95fcdfc10348297d69b46dc9e5ebe1e58f86ad46b6b886f
                                                                                                          • Instruction Fuzzy Hash: 2841843090592CAEDF61AB60EC59BEE77B8AF48313F5041A1E808E5091EB758EC88F14
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007DFB3: SetFilePointerEx.KERNEL32(?,?,00000001,?,?,00000000,?,?,?,0007FFC2,?,00000001,?,00000000,00000000,00000001), ref: 0007DFCB
                                                                                                            • Part of subcall function 0007DFB3: GetLastError.KERNEL32(?,0007FFC2,?,00000001,?,00000000,00000000,00000001,00000000,?,?,?,0007F885,?,?,?), ref: 0007DFD5
                                                                                                          • InternetReadFile.WININET(?,?,00000001,00000000), ref: 0007FFDA
                                                                                                          • WriteFile.KERNEL32(?,?,00000000,00000001,00000000,?,0007F885,?,?,?,?,?,?,?,00010000,?), ref: 0008000C
                                                                                                          • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,0007F885,?,?,?,?), ref: 0008005E
                                                                                                          • GetLastError.KERNEL32(?,0007F885,?,?,?,?,?,?,?,00010000,?,?,00000001,GET,?,?), ref: 000800A4
                                                                                                          • GetLastError.KERNEL32(?,0007F885,?,?,?,?,?,?,?,00010000,?,?,00000001,GET,?,?), ref: 000800CA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$ErrorLast$Write$InternetPointerRead
                                                                                                          • String ID: dlutil.cpp
                                                                                                          • API String ID: 755641697-2067379296
                                                                                                          • Opcode ID: 700f2a8d697cf63b9675f3c689143f810b8d519a7efa28df601f4e1a7196a03f
                                                                                                          • Instruction ID: 8b16ed44860c92203df021adfaff4cc8fc0e0010456bbae8f7661a026a36f7e7
                                                                                                          • Opcode Fuzzy Hash: 700f2a8d697cf63b9675f3c689143f810b8d519a7efa28df601f4e1a7196a03f
                                                                                                          • Instruction Fuzzy Hash: F741CF72A4061ABFEB619EA8CC44BEA7BE8FF04350F104225FD44E6190D775DD24DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastNameUser
                                                                                                          • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 2054405381-1522884404
                                                                                                          • Opcode ID: b81cf8368c729a7de41d100fadc37fa3f37ddd03a881df46f6212bad1bb05624
                                                                                                          • Instruction ID: e269c13afb84ae4477b62aebc4ea165cdbbc9d99c771034163cdd569f29e22a7
                                                                                                          • Opcode Fuzzy Hash: b81cf8368c729a7de41d100fadc37fa3f37ddd03a881df46f6212bad1bb05624
                                                                                                          • Instruction Fuzzy Hash: AC01D671F40728A7D710AB649D49BDF77ACBB00710F104266FC44E7242EE759D048BE9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000208,?), ref: 00082524
                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 00082536
                                                                                                          Strings
                                                                                                          • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 0008250D
                                                                                                          • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 0008257F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                          • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ
                                                                                                          • API String ID: 1772835396-395410266
                                                                                                          • Opcode ID: c16124e4ba6f01249ed331f9bab10ba679bfc6f06b823c52afb439a29ae8b40a
                                                                                                          • Instruction ID: b5a875dba61d71d746af33e17880bab079a12576e6fe2342af99a9a9f16f02e5
                                                                                                          • Opcode Fuzzy Hash: c16124e4ba6f01249ed331f9bab10ba679bfc6f06b823c52afb439a29ae8b40a
                                                                                                          • Instruction Fuzzy Hash: 90212CA6900119AEEB649F959C05FBFB3FCEB48B11F00455AF945D6080E6789D80D771
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007FB38: InternetCloseHandle.WININET(?), ref: 0007FB60
                                                                                                            • Part of subcall function 0007FB38: InternetCloseHandle.WININET(00000000), ref: 0007FB70
                                                                                                            • Part of subcall function 0007FB38: InternetConnectW.WININET(00000000,000801FA,00000000,?,?,00000003,00000000,00000000), ref: 0007FBCE
                                                                                                            • Part of subcall function 0007FB38: lstrlenW.KERNEL32(?), ref: 0007FBF6
                                                                                                            • Part of subcall function 0007FB38: InternetSetOptionW.WININET(00000000,0000002B,?,00000000), ref: 0007FC07
                                                                                                            • Part of subcall function 0007FB38: lstrlenW.KERNEL32(?), ref: 0007FC0E
                                                                                                            • Part of subcall function 0007FB38: InternetSetOptionW.WININET(00000000,0000002C,?,00000000), ref: 0007FC19
                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000,?,00000000,?,000801FA,?,00000000,HEAD,00000000,00000000,000801FA,00000000,?,?,00000000,00000000), ref: 0007F9F6
                                                                                                          • InternetCloseHandle.WININET(?), ref: 0007FA09
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007FA14
                                                                                                            • Part of subcall function 0008265A: HttpQueryInfoW.WININET(00000000,20000005,00000000,00000004,00000000), ref: 0008267A
                                                                                                            • Part of subcall function 0008265A: GetLastError.KERNEL32(?,?,?,0007F9CA,?,000801FA,?,00000000,HEAD,00000000,00000000,000801FA,00000000,?,?,00000000), ref: 00082684
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Internet$CloseHandle$OptionTimelstrlen$ConnectErrorFileHttpInfoLastQuerySystem
                                                                                                          • String ID: HEAD
                                                                                                          • API String ID: 2322489961-2439387944
                                                                                                          • Opcode ID: 63982592d11fb3fe3650cbfad089fbdcf71e4187f40afac041b6beefa712934d
                                                                                                          • Instruction ID: f6c8fe0a4e92719d7b25089a1c728507b3e27dff27806e5b22c4fb7e5734ae0a
                                                                                                          • Opcode Fuzzy Hash: 63982592d11fb3fe3650cbfad089fbdcf71e4187f40afac041b6beefa712934d
                                                                                                          • Instruction Fuzzy Hash: C7218176D0020EBBCB02DFA4CD809EEBBB9FF49354B204125F904A3211D735DE519BA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • FormatMessageW.KERNEL32(000011FF,?,?,00000000,000000FF,00000000,?,?,80070642,80070642,?,00049D44,?,?,00000000,?), ref: 0007A8CD
                                                                                                          • GetLastError.KERNEL32(?,00049D44,?,?,00000000,?,80070642,?,?,00058EB7,?,00000000,00000000,80070642,00000000,00000015), ref: 0007A8DA
                                                                                                          • LocalFree.KERNEL32(00000000,?,000000FF,00000000,?,00049D44,?,?,00000000,?,80070642,?,?,00058EB7,?,00000000), ref: 0007A921
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                          • String ID: strutil.cpp
                                                                                                          • API String ID: 1365068426-3612885251
                                                                                                          • Opcode ID: 7eed88ece6b69fb255f091da8bec04d26091111bc3c2c387ebbe3d027c5b677c
                                                                                                          • Instruction ID: becfd83d3ab58b99d896aaa6116fdbfa2e5f5e9f804bebae928000e356e980ba
                                                                                                          • Opcode Fuzzy Hash: 7eed88ece6b69fb255f091da8bec04d26091111bc3c2c387ebbe3d027c5b677c
                                                                                                          • Instruction Fuzzy Hash: 6F118E76E00229FFEF159FA4CD09AEE7AA8FB09341F004269BD05A6150D6754E10DBE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • Failed create working folder., xrefs: 00055C3B
                                                                                                          • Failed to copy working folder., xrefs: 00055C63
                                                                                                          • Failed to calculate working folder to ensure it exists., xrefs: 00055C25
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastPathTemp_memset
                                                                                                          • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                          • API String ID: 623060366-2072961686
                                                                                                          • Opcode ID: 0968d9ad0a8ed889ddec48d33e26ff3a73b0729fec2e0f8707c3c4043fa85594
                                                                                                          • Instruction ID: 31b2083e191fe821790cc9364454bc1d9dd22f5cd9335beded896d901198ff26
                                                                                                          • Opcode Fuzzy Hash: 0968d9ad0a8ed889ddec48d33e26ff3a73b0729fec2e0f8707c3c4043fa85594
                                                                                                          • Instruction Fuzzy Hash: 67012D31D40729FE8B12A664CD15C9F7FB4EF807237204165FC0879111D6315E14EB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00061C1A,00000000,00000003), ref: 00061C8C
                                                                                                          • GetLastError.KERNEL32(?,00061C1A,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,0006200E,?), ref: 00061C96
                                                                                                          Strings
                                                                                                          • Failed to set service start type., xrefs: 00061CC4
                                                                                                          • msuengine.cpp, xrefs: 00061CBA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ChangeConfigErrorLastService
                                                                                                          • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                          • API String ID: 1456623077-1628545019
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0007DB20
                                                                                                          • FindFirstFileW.KERNEL32(00000003,?,00000000,00000000,00000000), ref: 0007DB30
                                                                                                          • FindClose.KERNEL32(00000000), ref: 0007DB3C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Find$CloseFileFirst_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 3141757445-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007D2A4: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,0007D145,?), ref: 0007D315
                                                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0007D169
                                                                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0007D17A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                          • String ID:
                                                                                                          • API String ID: 2114926846-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,0009FC18,0006D85B,0009F8F0,?,?,00000000), ref: 0006D18E
                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 0006D197
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                          • String ID:
                                                                                                          • API String ID: 3192549508-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(?,?,0006BCD3,0006BC88), ref: 0006D15E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                          • String ID:
                                                                                                          • API String ID: 3192549508-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                          • Instruction ID: 8c72e6f1dcc46be157e3c49ef870c0006b6783d519ccd7a376deffc48ccc1a62
                                                                                                          • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                          • Instruction Fuzzy Hash: 77C171722050930ADBAD563A847507EBBE39FA27B131A176DD4B3CB1D5FF20C5A4DA20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                          • Instruction ID: 1f4a211a1fbce742455221d32b4cee1bb7d1d613a25fc02b1d06958dcc2fd66e
                                                                                                          • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                          • Instruction Fuzzy Hash: 0BC1A0722191A309DBAD563AC43517EBAE39FA27B131A176DD4B3CB0C5FF20C564DA20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                          • Instruction ID: f1f027161837700428b4ad78863a2a4c8dcbc9eb79b896e9ebd4376d7c946aeb
                                                                                                          • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                          • Instruction Fuzzy Hash: AAC18E323051930ADFAD663A847507EBAE39FA37B131A176DD4B3DB1C5FE20C5249A21
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,00000001,00000000,?,?,00020006,00000000,?,00000000), ref: 0004C8F3
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Close
                                                                                                          • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.9.1006.0$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString
                                                                                                          • API String ID: 3535843008-348728146
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: StringVariant$AllocClearFreeInit
                                                                                                          • String ID: Code$DetectCondition$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @Type.$Failed to get @UninstallArguments.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$InstallArguments$Invalid exit code type: %ls$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$Type$UninstallArguments$burn$error$exeengine.cpp$forceReboot$netfx4$none$scheduleReboot$success
                                                                                                          • API String ID: 760788290-2414772874
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0005D14C
                                                                                                          • _memset.LIBCMT ref: 0005D185
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 0005D748
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 0005D765
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle_memset
                                                                                                          • String ID: "%ls"$"%ls" %s$%ls -%ls=%ls$2$Bootstrapper application aborted during EXE progress.$D$Failed to CreateProcess on path: %ls$Failed to append the list of ancestors to the command line.$Failed to append the list of ancestors to the obfuscated command line.$Failed to append the list of dependencies to ignore to the command line.$Failed to append the list of dependencies to ignore to the obfuscated command line.$Failed to build executable path.$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$Failed to get action arguments for executable package.$Failed to get cached path for package: %ls$Failed to run bundle as embedded from path: %ls$Failed to run netfx chainer: %ls$Failed to wait for executable to complete: %ls$Process returned error: 0x%x$WixBundleExecutePackageCacheFolder$burn.ancestors$burn.ignoredependencies$exeengine.cpp
                                                                                                          • API String ID: 900656945-3044166610
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00061DE5
                                                                                                          • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,00057801,00000007,?,?,?,Function_0001685D,?,?), ref: 00061E09
                                                                                                            • Part of subcall function 0007891F: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,000428DA,00000000), ref: 00078933
                                                                                                            • Part of subcall function 0007891F: GetProcAddress.KERNEL32(00000000), ref: 0007893A
                                                                                                            • Part of subcall function 0007891F: GetLastError.KERNEL32(?,?,?,000428DA,00000000), ref: 00078951
                                                                                                          • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 000621F4
                                                                                                          • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00062208
                                                                                                          Strings
                                                                                                          • Failed to get process exit code., xrefs: 00062112
                                                                                                          • D, xrefs: 00062021
                                                                                                          • Failed to get cached path for package: %ls, xrefs: 00061EE2
                                                                                                          • Failed to format MSU install command., xrefs: 00061F42
                                                                                                          • Failed to format MSU uninstall command., xrefs: 00061F6F
                                                                                                          • Failed to ensure WU service was enabled to install MSU package., xrefs: 00062014
                                                                                                          • /log:, xrefs: 00061F88
                                                                                                          • 2, xrefs: 00062099
                                                                                                          • Failed to append SysNative directory., xrefs: 00061E61
                                                                                                          • Failed to determine WOW64 status., xrefs: 00061E1B
                                                                                                          • Failed to find Windows directory., xrefs: 00061E40
                                                                                                          • Failed to build MSU path., xrefs: 00061F1B
                                                                                                          • "%ls" "%ls" /quiet /norestart, xrefs: 00061F2E
                                                                                                          • WixBundleExecutePackageCacheFolder, xrefs: 00061EF1, 00062220
                                                                                                          • Failed to wait for executable to complete: %ls, xrefs: 00062183
                                                                                                          • Failed to CreateProcess on path: %ls, xrefs: 00062080
                                                                                                          • msuengine.cpp, xrefs: 00062073, 00062108, 00062135
                                                                                                          • Bootstrapper application aborted during MSU progress., xrefs: 0006213F
                                                                                                          • Failed to append log switch to MSU command-line., xrefs: 00061F9C
                                                                                                          • Failed to find System32 directory., xrefs: 00061E7C
                                                                                                          • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 00061F5B
                                                                                                          • wusa.exe, xrefs: 00061E8A
                                                                                                          • Failed to get action arguments for MSU package., xrefs: 00061EBC
                                                                                                          • Failed to append log path to MSU command-line., xrefs: 00061FBA
                                                                                                          • Failed to allocate WUSA.exe path., xrefs: 00061E9D
                                                                                                          • SysNative\, xrefs: 00061E4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess_memset
                                                                                                          • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuengine.cpp$wusa.exe
                                                                                                          • API String ID: 3976248788-4261965642
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00041EB6,?,00000000,80070490,?,?,?,?,?,?,00067257,?,00041EB6,?,00041EB6,00041EB6), ref: 00044BC8
                                                                                                          • LeaveCriticalSection.KERNEL32(00041EB6,?,?,?,?,?,?,00067257,?,00041EB6,?,00041EB6,00041EB6,Chain,00041E2E,00041E2E), ref: 00044F25
                                                                                                          Strings
                                                                                                          • Initializing string variable '%ls' to value '%ls', xrefs: 00044D3B
                                                                                                          • Failed to set value of variable: %ls, xrefs: 00044EBF
                                                                                                          • version, xrefs: 00044D4D
                                                                                                          • variable.cpp, xrefs: 00044EDA
                                                                                                          • Failed to change variant type., xrefs: 00044EFB
                                                                                                          • Hidden, xrefs: 00044C50
                                                                                                          • Failed to get variable node count., xrefs: 00044C02
                                                                                                          • Variable, xrefs: 00044BD2
                                                                                                          • Type, xrefs: 00044CC4
                                                                                                          • Value, xrefs: 00044C86
                                                                                                          • Attempt to set built-in variable value: %ls, xrefs: 00044EE9
                                                                                                          • Initializing numeric variable '%ls' to value '%ls', xrefs: 00044D03
                                                                                                          • Failed to get @Value., xrefs: 00044EAE
                                                                                                          • Failed to set variant encryption, xrefs: 00044EB5
                                                                                                          • Failed to get next node., xrefs: 00044F17
                                                                                                          • Failed to get @Hidden., xrefs: 00044F09
                                                                                                          • Persisted, xrefs: 00044C6B
                                                                                                          • numeric, xrefs: 00044CDD
                                                                                                          • Initializing hidden variable '%ls', xrefs: 00044D92
                                                                                                          • string, xrefs: 00044D18
                                                                                                          • Initializing version variable '%ls' to value '%ls', xrefs: 00044D74
                                                                                                          • Failed to insert variable '%ls'., xrefs: 00044DE7
                                                                                                          • Failed to get @Type., xrefs: 00044EA0
                                                                                                          • Failed to find variable value '%ls'., xrefs: 00044EF4
                                                                                                          • Failed to get @Id., xrefs: 00044F10
                                                                                                          • Failed to set variant value., xrefs: 00044EA7
                                                                                                          • Invalid value for @Type: %ls, xrefs: 00044E99
                                                                                                          • Failed to select variable nodes., xrefs: 00044BE5
                                                                                                          • Failed to get @Persisted., xrefs: 00044F02
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0005F416
                                                                                                            • Part of subcall function 0007C2E5: _memset.LIBCMT ref: 0007C30E
                                                                                                          Strings
                                                                                                          • Failed to add patch properties to argument string., xrefs: 0005F699
                                                                                                          • Failed to enable logging for package: %ls to: %ls, xrefs: 0005F5C9
                                                                                                          • IGNOREDEPENDENCIES, xrefs: 0005F84F, 0005F91F
                                                                                                          • REINSTALL=ALL, xrefs: 0005F771, 0005F800
                                                                                                          • Failed to add properties to argument string., xrefs: 0005F607
                                                                                                          • Failed to get cached path for package: %ls, xrefs: 0005F516
                                                                                                          • Failed to add reinstall mode and reboot suppression properties on repair., xrefs: 0005F845
                                                                                                          • ACTION=ADMIN, xrefs: 0005F8AD
                                                                                                          • %ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress, xrefs: 0005F831
                                                                                                          • Failed to perform minor upgrade of MSI package., xrefs: 0005F7D2
                                                                                                          • Failed to add feature action properties to obfuscated argument string., xrefs: 0005F67A
                                                                                                          • Failed to add obfuscated properties to argument string., xrefs: 0005F63C
                                                                                                          • Failed to run maintanance mode for MSI package., xrefs: 0005F8A0
                                                                                                          • Failed to initialize external UI handler., xrefs: 0005F596
                                                                                                          • Failed to add reboot suppression property on uninstall., xrefs: 0005F918
                                                                                                          • Failed to add reinstall mode and reboot suppression properties on minor upgrade., xrefs: 0005F7AA
                                                                                                          • REBOOT=ReallySuppress, xrefs: 0005F73E, 0005F907
                                                                                                          • %ls %ls=ALL, xrefs: 0005F860, 0005F930
                                                                                                          • Failed to add ADMIN property on admin install., xrefs: 0005F8C8
                                                                                                          • Failed to add the list of dependencies to ignore to the properties., xrefs: 0005F874
                                                                                                          • Failed to add feature action properties to argument string., xrefs: 0005F65B
                                                                                                          • Failed to uninstall MSI package., xrefs: 0005F98A
                                                                                                          • Failed to build MSI path., xrefs: 0005F564
                                                                                                          • WixBundleExecutePackageCacheFolder, xrefs: 0005F531, 0005FA3D
                                                                                                          • Failed to add reinstall all property on minor upgrade., xrefs: 0005F788
                                                                                                          • Failed to add reboot suppression property on install., xrefs: 0005F759
                                                                                                          • Failed to install MSI package., xrefs: 0005F8F4
                                                                                                          • REINSTALLMODE="vomus" REBOOT=ReallySuppress, xrefs: 0005F793
                                                                                                          • VersionString, xrefs: 0005F45D, 0005F4B6
                                                                                                          • Failed to add patch properties to obfuscated argument string., xrefs: 0005F6B8
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: ACTION=ADMIN$ REBOOT=ReallySuppress$ REINSTALL=ALL$ REINSTALLMODE="vomus" REBOOT=ReallySuppress$%ls %ls=ALL$%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress$Failed to add ADMIN property on admin install.$Failed to add feature action properties to argument string.$Failed to add feature action properties to obfuscated argument string.$Failed to add obfuscated properties to argument string.$Failed to add patch properties to argument string.$Failed to add patch properties to obfuscated argument string.$Failed to add properties to argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add reinstall all property on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on repair.$Failed to add the list of dependencies to ignore to the properties.$Failed to build MSI path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for package: %ls$Failed to initialize external UI handler.$Failed to install MSI package.$Failed to perform minor upgrade of MSI package.$Failed to run maintanance mode for MSI package.$Failed to uninstall MSI package.$IGNOREDEPENDENCIES$VersionString$WixBundleExecutePackageCacheFolder
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000100,00000000,00000100,00000100,00000000,00000000,?,00046F72,00000100,000000B8,000002C0,00000100), ref: 000421F5
                                                                                                          • lstrlenW.KERNEL32(000002C0,?,00046F72,00000100,000000B8,000002C0,00000100), ref: 000421FF
                                                                                                          • _wcschr.LIBCMT ref: 000423FD
                                                                                                          • #17.MSI(00000000,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,00046F72,00000100,000000B8,000002C0,00000100), ref: 00042434
                                                                                                          • LeaveCriticalSection.KERNEL32(00000100,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,00046F72,00000100,000000B8,000002C0,00000100), ref: 000426A1
                                                                                                          • #8.MSI(?,?,00046F72,00000100,000000B8,000002C0,00000100), ref: 000426EF
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                                                          • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 000811AE
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00081377
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00081414
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: String$FreeHeap$AllocateCompareProcess
                                                                                                          • String ID: ($@$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00068564
                                                                                                          • UuidCreate.RPCRT4(?), ref: 0006857F
                                                                                                          • StringFromGUID2.OLE32(?,?,00000027), ref: 000685A0
                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 00068736
                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00068760
                                                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0006876E
                                                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 000687A6
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,NetFxChainer.cpp,000001AB,00000000,?,?,?,?), ref: 0006885B
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,NetFxChainer.cpp,000001AB,00000000,?,?,?,?), ref: 00068873
                                                                                                          Strings
                                                                                                          • NetFxSection.%ls, xrefs: 000685D0
                                                                                                          • NetFxEvent.%ls, xrefs: 000685F5
                                                                                                          • Failed to allocate event name., xrefs: 00068609
                                                                                                          • %ls /pipe %ls, xrefs: 0006863B
                                                                                                          • Failed to wait for netfx chainer process to complete, xrefs: 000687D4
                                                                                                          • Failed to CreateProcess on path: %ls, xrefs: 000686C5
                                                                                                          • D, xrefs: 00068671
                                                                                                          • Failed to create netfx chainer guid., xrefs: 0006858C
                                                                                                          • Failed to convert netfx chainer guid into string., xrefs: 000685BF
                                                                                                          • NetFxChainer.cpp, xrefs: 000685B5, 000686BA, 00068792, 000687CA
                                                                                                          • Failed to create netfx chainer., xrefs: 00068628
                                                                                                          • Failed to allocate netfx chainer arguments., xrefs: 0006864F
                                                                                                          • Failed to process netfx chainer message., xrefs: 00068712
                                                                                                          • Failed to allocate section name., xrefs: 000685E4
                                                                                                          • Failed to get netfx return code., xrefs: 0006879C
                                                                                                          Similarity
                                                                                                          • API ID: CloseErrorHandleLast$CodeCreateExitFromMultipleObjectsProcessStringUuidWait_memset
                                                                                                          • String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                          • API String ID: 2385649247-1825855094
                                                                                                          • Opcode ID: c6bbb4b16f686873b7e35f5d350c81808a9974442f4c37c8514bfb00787326bc
                                                                                                          • Instruction ID: 4ee252aaee35d8bc1e6e8e66777c39c018285be91392b047b200836cbff19461
                                                                                                          • Opcode Fuzzy Hash: c6bbb4b16f686873b7e35f5d350c81808a9974442f4c37c8514bfb00787326bc
                                                                                                          • Instruction Fuzzy Hash: B4A19271D40728AFEF219BA8CC45BDEB7B9AF04310F108169F908F7152DA759D449F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00046B36
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00046B5C
                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,00000000,?,?), ref: 00046E44
                                                                                                          Strings
                                                                                                          • Failed to open registry key., xrefs: 00046BCB
                                                                                                          • Failed to set variable., xrefs: 00046E07
                                                                                                          • Failed to allocate string buffer., xrefs: 00046D41
                                                                                                          • Failed to query registry key value size., xrefs: 00046C36
                                                                                                          • Failed to allocate memory registry value., xrefs: 00046C69
                                                                                                          • Failed to change value type., xrefs: 00046DE9
                                                                                                          • Failed to get expand environment string., xrefs: 00046DB7
                                                                                                          • Unsupported registry key value type. Type = '%u', xrefs: 00046CE2
                                                                                                          • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 00046E1C
                                                                                                          • Registry key not found. Key = '%ls', xrefs: 00046B90
                                                                                                          • search.cpp, xrefs: 00046C2C, 00046C5F, 00046CB0, 00046DAD
                                                                                                          • Failed to format value string., xrefs: 00046B67
                                                                                                          • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00046BFA
                                                                                                          • Failed to query registry key value., xrefs: 00046CBA
                                                                                                          • Failed to read registry value., xrefs: 00046DD0
                                                                                                          • Failed to clear variable., xrefs: 00046BB6
                                                                                                          • Failed to format key string., xrefs: 00046B41
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Open@16$Close
                                                                                                          • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                          • API String ID: 2348241696-3124384294
                                                                                                          • Opcode ID: bf5ed161610c8439666dfc95b08c8a246aefe915777b68e58de42060bc07de81
                                                                                                          • Instruction ID: 6a50439696bce36a6c450ec47017534cc99ae5e10087c2c6a48243732b16e05d
                                                                                                          • Opcode Fuzzy Hash: bf5ed161610c8439666dfc95b08c8a246aefe915777b68e58de42060bc07de81
                                                                                                          • Instruction Fuzzy Hash: 20A1EAB2D40625BBDF21AAA1CD41AEE76F8FF05700F108171FA04BA151EB779E1097DA
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • lstrlenW.KERNEL32(000000FF,?,00000000,?), ref: 00051683
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0005168E
                                                                                                          • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000), ref: 000516C5
                                                                                                          • ConnectNamedPipe.KERNEL32(?,00000000), ref: 000516DA
                                                                                                          • GetLastError.KERNEL32 ref: 000516E4
                                                                                                          • Sleep.KERNEL32(00000064), ref: 00051715
                                                                                                          • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000), ref: 00051738
                                                                                                          • WriteFile.KERNEL32(?,?,00000004,00000000,00000000), ref: 00051753
                                                                                                          • WriteFile.KERNEL32(?,?,?,00000000,00000000), ref: 0005176E
                                                                                                          • WriteFile.KERNEL32(?,?,00000004,00000000,00000000), ref: 00051789
                                                                                                          • ReadFile.KERNEL32(?,?,00000004,00000000,00000000), ref: 000517A4
                                                                                                          • GetLastError.KERNEL32 ref: 000517FC
                                                                                                          • GetLastError.KERNEL32 ref: 00051830
                                                                                                          • GetLastError.KERNEL32 ref: 00051864
                                                                                                          • GetLastError.KERNEL32 ref: 000518FA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                          • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$pipe.cpp
                                                                                                          • API String ID: 2944378912-2009266399
                                                                                                          • Opcode ID: 86b827c63fe382bbf748245d7b2df5f6c3655d7fb8d2fe98a4cdc819548ca40c
                                                                                                          • Instruction ID: c0db13d6250348ddc1b031f480b0fbb69a2a0165f7f0fd5ba99241c14b22e86c
                                                                                                          • Opcode Fuzzy Hash: 86b827c63fe382bbf748245d7b2df5f6c3655d7fb8d2fe98a4cdc819548ca40c
                                                                                                          • Instruction Fuzzy Hash: A861B476E40728BAEB20AAB98C45BEB76ECAF04751F114126FE45FB1D0D6788D0087E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,00068622,?,?,?), ref: 00067F3D
                                                                                                          • GetLastError.KERNEL32(?,?,00068622,?,?,?), ref: 00067F4A
                                                                                                          • ReleaseMutex.KERNEL32(?), ref: 000681B2
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                                                          • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                          • API String ID: 3944734951-2991465304
                                                                                                          • Opcode ID: 575e9dc03658f10269ef81be9dbe55ae5bb4d1c6202c24d725b6ddf7c6f8031a
                                                                                                          • Instruction ID: 0f652939122a81b5ec78dbc81e21e51fefc637ea8449d8c6d5b680c7c1c4e848
                                                                                                          • Opcode Fuzzy Hash: 575e9dc03658f10269ef81be9dbe55ae5bb4d1c6202c24d725b6ddf7c6f8031a
                                                                                                          • Instruction Fuzzy Hash: 7A71D471A80B11BFEB219F698C49F9A7AE8FF05350F018625FE08AB251DB749C40D7E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,0009D128,000000FF,?,?,?), ref: 00080E25
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 00080E4A
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00080E6A
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 00080E86
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 00080EAE
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00080ECA
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 00080F03
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 00080F3C
                                                                                                            • Part of subcall function 0008099F: SysFreeString.OLEAUT32(00000000), ref: 00080AD8
                                                                                                            • Part of subcall function 0008099F: SysFreeString.OLEAUT32(00000000), ref: 00080B1A
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080FC0
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00081070
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$Compare$Free
                                                                                                          • String ID: ($atomutil.cpp$author$category$content$link$published$summary$title$updated
                                                                                                          • API String ID: 318886736-195222573
                                                                                                          • Opcode ID: 8af3c8185d8d046dc2ed44ffafc93c9b6efdb81cbeb8342bd4582d64c60c6c42
                                                                                                          • Instruction ID: fc618b9666e6c34a25294cc866c9329430c33cd1a9a35ca152e8069e8406bfce
                                                                                                          • Opcode Fuzzy Hash: 8af3c8185d8d046dc2ed44ffafc93c9b6efdb81cbeb8342bd4582d64c60c6c42
                                                                                                          • Instruction Fuzzy Hash: 7BA1C131904216FBDB60EB94CC41FAE77A8BF04720F204365F661AA1D2CBB1ED90DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007C9A2: VariantInit.OLEAUT32(?), ref: 0007C9B8
                                                                                                            • Part of subcall function 0007C9A2: SysAllocString.OLEAUT32(?), ref: 0007C9D4
                                                                                                            • Part of subcall function 0007C9A2: VariantClear.OLEAUT32(?), ref: 0007CA5B
                                                                                                            • Part of subcall function 0007C9A2: SysFreeString.OLEAUT32(00000000), ref: 0007CA66
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,000865C8,?,?,Action,?,?,?,00000000,00041EB6), ref: 0004AF78
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 0004AFC2
                                                                                                          Strings
                                                                                                          • RelatedBundle, xrefs: 0004AEB5
                                                                                                          • Invalid value for @Action: %ls, xrefs: 0004B0B7
                                                                                                          • Failed to get @Action., xrefs: 0004B0CE
                                                                                                          • Failed to get RelatedBundle element count., xrefs: 0004AEF1
                                                                                                          • Failed to resize Detect code array in registration, xrefs: 0004B093
                                                                                                          • Failed to resize Addon code array in registration, xrefs: 0004B0A1
                                                                                                          • Failed to get RelatedBundle nodes, xrefs: 0004AED7
                                                                                                          • Failed to get next RelatedBundle element., xrefs: 0004B0D5
                                                                                                          • Action, xrefs: 0004AF35
                                                                                                          • Failed to get @Id., xrefs: 0004B0C7
                                                                                                          • Addon, xrefs: 0004AFFF
                                                                                                          • Patch, xrefs: 0004B042
                                                                                                          • Detect, xrefs: 0004AF69
                                                                                                          • Upgrade, xrefs: 0004AFB5
                                                                                                          • Failed to resize Upgrade code array in registration, xrefs: 0004B09A
                                                                                                          • Failed to resize Patch code array in registration, xrefs: 0004B0A8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                          • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,00000000), ref: 00081DC4
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 00081DDF
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 00081E82
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF,00000018,00000000,00000000), ref: 00081EC1
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 00081F14
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,true,000000FF), ref: 00081F32
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00081F6A
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 000820AE
                                                                                                          • _memset.LIBCMT ref: 00082117
                                                                                                          Similarity
                                                                                                          • API ID: CompareString$_memset
                                                                                                          • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007D1A8: _memset.LIBCMT ref: 0007D1D3
                                                                                                            • Part of subcall function 0007D1A8: GetVersionExW.KERNEL32(?,?,00000000,00000000,?,?,?,?,000623E1,00000001,?,?,?,?), ref: 0007D1F5
                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,00000001,00020006,00000002,?,00020006,00000000,?,00000000,00020006), ref: 0004B7ED
                                                                                                            • Part of subcall function 0007929F: RegSetValueExW.ADVAPI32(?,00000000,00000000,00000004,00020006,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0004B63C,00000005,Resume,?,?,00020006,00000000,?), ref: 000792B4
                                                                                                          Strings
                                                                                                          • Failed to format resume command line for RunOnce., xrefs: 0004B6A8
                                                                                                          • Failed to write resume command line value., xrefs: 0004B70C
                                                                                                          • Resume, xrefs: 0004B631
                                                                                                          • BundleResumeCommandLine, xrefs: 0004B6F7, 0004B789
                                                                                                          • Failed to delete run key value., xrefs: 0004B77C
                                                                                                          • Failed to write Resume value., xrefs: 0004B642
                                                                                                          • registration.cpp, xrefs: 0004B772, 0004B7BF
                                                                                                          • Failed to create run key., xrefs: 0004B6CC
                                                                                                          • Installed, xrefs: 0004B654
                                                                                                          • "%ls" /%ls, xrefs: 0004B694
                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 0004B5F9
                                                                                                          • Failed to write Installed value., xrefs: 0004B665
                                                                                                          • Failed to delete resume command line value., xrefs: 0004B7C9
                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 0004B619
                                                                                                          • Failed to write run key value., xrefs: 0004B6EA
                                                                                                          • burn.runonce, xrefs: 0004B689
                                                                                                          Similarity
                                                                                                          • API ID: CloseValueVersion_memset
                                                                                                          • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00059C03: LoadBitmapW.USER32(?,00000001), ref: 00059C39
                                                                                                            • Part of subcall function 00059C03: GetLastError.KERNEL32 ref: 00059C45
                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00059D7D
                                                                                                          • RegisterClassW.USER32(?), ref: 00059D91
                                                                                                          • GetLastError.KERNEL32 ref: 00059D9C
                                                                                                          • UnregisterClassW.USER32(WixBurnSplashScreen,?), ref: 00059EA1
                                                                                                          • DeleteObject.GDI32(00000000), ref: 00059EB0
                                                                                                          Similarity
                                                                                                          • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                          • String ID: ,2$Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000005,00000000,00000002,08000080,00000000,00000000,00000000,?,?,?,?,?,00000000,?), ref: 0005415C
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00000000), ref: 00054169
                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?), ref: 0005434B
                                                                                                          Strings
                                                                                                          • Failed to create engine file at path: %ls, xrefs: 0005419A
                                                                                                          • Failed to seek to checksum in exe header., xrefs: 0005424E
                                                                                                          • cache.cpp, xrefs: 0005418D, 00054244, 000542AB, 0005431A
                                                                                                          • Failed to update signature offset., xrefs: 0005426A
                                                                                                          • Failed to seek to beginning of engine file: %ls, xrefs: 000541C2
                                                                                                          • Failed to seek to signature table in exe header., xrefs: 000542B5
                                                                                                          • Failed to zero out original data offset., xrefs: 0005433D
                                                                                                          • Failed to seek to original data in exe burn section header., xrefs: 00054324
                                                                                                          • Failed to copy engine from: %ls to: %ls, xrefs: 000541F1
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                                                          • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cache.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentProcessId.KERNEL32(74DE8FB0,00000001,00000000), ref: 00067D0F
                                                                                                          • _memset.LIBCMT ref: 00067D29
                                                                                                            • Part of subcall function 00050E4D: UuidCreate.RPCRT4(?), ref: 00050E80
                                                                                                            • Part of subcall function 00050E4D: StringFromGUID2.OLE32(?,?,00000027), ref: 00050E9D
                                                                                                          • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,0005D4C0,?,?,00000000,?,?,?), ref: 00067DF2
                                                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 00067DFC
                                                                                                          • GetProcessId.KERNEL32(0005D4C0,?,?,00000000,?,?,?,?), ref: 00067E34
                                                                                                          • CloseHandle.KERNEL32(00000000,?,000000FF,0005D4C0,?,00067C65,?,?,?,?,?,00000000,?,?,?,?), ref: 00067EB9
                                                                                                          • CloseHandle.KERNEL32(00000000,?,000000FF,0005D4C0,?,00067C65,?,?,?,?,?,00000000,?,?,?,?), ref: 00067EC7
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,000000FF,0005D4C0,?,00067C65,?,?,?,?,?,00000000,?,?,?), ref: 00067EDD
                                                                                                          Strings
                                                                                                          • Failed to wait for embedded process to connect to pipe., xrefs: 00067E55
                                                                                                          • Failed to process messages from embedded message., xrefs: 00067E77
                                                                                                          • Failed to create embedded pipe., xrefs: 00067D94
                                                                                                          • burn.embedded, xrefs: 00067DA5
                                                                                                          • Failed to create embedded pipe name and client token., xrefs: 00067D78
                                                                                                          • embedded.cpp, xrefs: 00067E1D
                                                                                                          • Failed to wait for embedded executable: %ls, xrefs: 00067E9C
                                                                                                          • %ls -%ls %ls %ls %u, xrefs: 00067DAD
                                                                                                          • Failed to create embedded process atpath: %ls, xrefs: 00067E2A
                                                                                                          • Failed to allocate embedded command., xrefs: 00067DC1
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandleProcess$Create$CurrentErrorFromLastStringUuid_memset
                                                                                                          • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process atpath: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                          • API String ID: 1312086106-740426173
                                                                                                          • Opcode ID: 9f998f76e50e150a4cf01b88fd9986a06c5d89fd2d57d43adafa014147a572eb
                                                                                                          • Instruction ID: 1589b0e7218e6d2e0ef79823d20824be5002b67bdfce493927e2028e5d3fb1eb
                                                                                                          • Opcode Fuzzy Hash: 9f998f76e50e150a4cf01b88fd9986a06c5d89fd2d57d43adafa014147a572eb
                                                                                                          • Instruction Fuzzy Hash: 25519072D04619BFDF12AFA4CC41EEFBBB9AF08314F104126FA04B6251D7359E459B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 000499A7: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00052EFF,000000B8,00000000), ref: 000499B6
                                                                                                            • Part of subcall function 000499A7: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 000499C5
                                                                                                            • Part of subcall function 000499A7: LeaveCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00052EFF,000000B8,00000000), ref: 000499DA
                                                                                                          • CreateThread.KERNEL32(00000000,00000000,0005193C,00000003,00000000,00000000), ref: 00052CF3
                                                                                                          • GetLastError.KERNEL32 ref: 00052D02
                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 00052D5F
                                                                                                          • ReleaseMutex.KERNEL32(00000000,?,00000000,?,?,00000001,00000000), ref: 00052E51
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00052E5A
                                                                                                          • CloseHandle.KERNEL32(?,?,00000000,?,?,00000001,00000000), ref: 00052E74
                                                                                                            • Part of subcall function 00066DAA: SetThreadExecutionState.KERNEL32(80000001), ref: 00066DAF
                                                                                                          Strings
                                                                                                          • Engine cannot start apply because it is busy with another action., xrefs: 00052AE5
                                                                                                          • Failed to register bundle., xrefs: 00052CAD
                                                                                                          • Failed to create cache thread., xrefs: 00052D30
                                                                                                          • Failed to cache engine to working directory., xrefs: 00052C30
                                                                                                          • UX aborted apply begin., xrefs: 00052B53
                                                                                                          • Failed to set initial apply variables., xrefs: 00052BC1
                                                                                                          • Failed to elevate., xrefs: 00052C53
                                                                                                          • Another per-machine setup is already executing., xrefs: 00052C87
                                                                                                          • Failed while caching, aborting execution., xrefs: 00052D4C
                                                                                                          • core.cpp, xrefs: 00052B49, 00052D26
                                                                                                          • Another per-user setup is already executing., xrefs: 00052B97
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$CriticalSectionThread$CompareCreateEnterErrorExchangeExecutionInterlockedLastLeaveMutexReleaseState
                                                                                                          • String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp
                                                                                                          • API String ID: 2169948125-1544865161
                                                                                                          • Opcode ID: 8894fa18d817ad7110e312f2044cc595cd972815e185a361d0f78c557a07d3b9
                                                                                                          • Instruction ID: f64a37a44a9242507d2639ca997c584376caeb4e6ed99d007d3e5f7686d290d1
                                                                                                          • Opcode Fuzzy Hash: 8894fa18d817ad7110e312f2044cc595cd972815e185a361d0f78c557a07d3b9
                                                                                                          • Instruction Fuzzy Hash: AEC19E72900215EADF61AF60CC85BEF3BA8BF05312F04417AFD09AE142DB759949CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,?,00000000,00000000,?,?,?), ref: 00064EF0
                                                                                                          • GetLastError.KERNEL32 ref: 00065060
                                                                                                          • GetExitCodeThread.KERNEL32(?,00000000), ref: 000650A0
                                                                                                          • GetLastError.KERNEL32 ref: 000650AA
                                                                                                          Strings
                                                                                                          • Failed to wait for cache check-point., xrefs: 00065091
                                                                                                          • Cache thread exited unexpectedly., xrefs: 000650EC
                                                                                                          • Failed to execute dependency action., xrefs: 00064FE0
                                                                                                          • Failed to execute MSP package., xrefs: 00064F75
                                                                                                          • Failed to execute MSI package., xrefs: 00064F50
                                                                                                          • Failed to execute EXE package., xrefs: 00064F27
                                                                                                          • Failed to execute compatible package action., xrefs: 0006501D
                                                                                                          • apply.cpp, xrefs: 00065084, 000650CE
                                                                                                          • Failed to execute package provider registration action., xrefs: 00064FC1
                                                                                                          • Invalid execute action., xrefs: 000650FB
                                                                                                          • Failed to execute MSU package., xrefs: 00064FA5
                                                                                                          • Failed to get cache thread exit code., xrefs: 000650DB
                                                                                                          • Failed to load compatible package on per-machine package., xrefs: 00065006
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                          • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                          • API String ID: 3703294532-2662572847
                                                                                                          • Opcode ID: 80de2f128d1cba6e2d2c40f7c069f51d23069c34772978e928d6b06da418e963
                                                                                                          • Instruction ID: 5c96130d747aac19abb49d0a07b6b479067065cddb933fe27689322358fa8640
                                                                                                          • Opcode Fuzzy Hash: 80de2f128d1cba6e2d2c40f7c069f51d23069c34772978e928d6b06da418e963
                                                                                                          • Instruction Fuzzy Hash: 3C719D71A01619EFDB14CFA4CD41ABE7BFAEF04B11F10416AF905EB281D7719E009BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0004679C
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Open@16
                                                                                                          • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                                                          • API String ID: 3613110473-2134270738
                                                                                                          • Opcode ID: 41c00d1d132ba6bc47feb144bb703ccba3d04fd80a1ddb8e3034d7f79037b18b
                                                                                                          • Instruction ID: d004171eb8627fc552c56a52e8f099cea70efccad8886314df2ad7b1c68ddd5b
                                                                                                          • Opcode Fuzzy Hash: 41c00d1d132ba6bc47feb144bb703ccba3d04fd80a1ddb8e3034d7f79037b18b
                                                                                                          • Instruction Fuzzy Hash: BB6119B1D44219B7DF21AA90CC42EEE7778BB05700F644179F904BA142FA77DE10979A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • IsWindow.USER32(?), ref: 000419A6
                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 000419B9
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 000419C8
                                                                                                          Strings
                                                                                                          • Failed to check global conditions, xrefs: 0004187D
                                                                                                          • Failed to set action variables., xrefs: 000418F8
                                                                                                          • Failed to set layout directory variable to value provided from command-line., xrefs: 0004193A
                                                                                                          • Failed to open log., xrefs: 000417D5
                                                                                                          • Failed to connect to elevated parent process., xrefs: 00041839
                                                                                                          • Failed while running , xrefs: 0004195E
                                                                                                          • Failed to create the message window., xrefs: 000418CC
                                                                                                          • Failed to query registration., xrefs: 000418E2
                                                                                                          • Failed to initialize internal cache functionality., xrefs: 000417F2
                                                                                                          • Failed to create pipes to connect to elevated parent process., xrefs: 0004181D
                                                                                                          • Failed to set registration variables., xrefs: 00041912
                                                                                                          • WixBundleLayoutDirectory, xrefs: 00041929
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandleMessagePostWindow
                                                                                                          • String ID: Failed to check global conditions$Failed to connect to elevated parent process.$Failed to create pipes to connect to elevated parent process.$Failed to create the message window.$Failed to initialize internal cache functionality.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                          • API String ID: 3586352542-3026528549
                                                                                                          • Opcode ID: a42352a9f41b3576c7a2d580604276a9866feec067ced94ad8dacfaa2086e375
                                                                                                          • Instruction ID: 3e04da676fe9ab83145521481d6503d833da70311d10a99067a50b95be487e6a
                                                                                                          • Opcode Fuzzy Hash: a42352a9f41b3576c7a2d580604276a9866feec067ced94ad8dacfaa2086e375
                                                                                                          • Instruction Fuzzy Hash: 5151F8B1A00A16FBDB269A60CD55BEEB7ACFF00751F000236F904A6141EB71AE94D7D8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0004820D
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00048236
                                                                                                          • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 00048343
                                                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0004834D
                                                                                                          • WaitForInputIdle.USER32(?,?), ref: 000483A1
                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 000483EC
                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 000483F9
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$CreateErrorIdleInputLastOpen@16ProcessWait_memset
                                                                                                          • String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
                                                                                                          • API String ID: 1632691311-2737401750
                                                                                                          • Opcode ID: ba1f0ec5106a6b6a4802b8dbfe744d0bc0c756be7ebbeb2667877938c00646bf
                                                                                                          • Instruction ID: 1987cee6dfdd988a9f36d533fc455e8fb614efd9efd31eefc16d384aa1c889a6
                                                                                                          • Opcode Fuzzy Hash: ba1f0ec5106a6b6a4802b8dbfe744d0bc0c756be7ebbeb2667877938c00646bf
                                                                                                          • Instruction Fuzzy Hash: 8B517DB2D0061AFBDF11AFE0CD419EEBBB9BF04701B008575FA18B6111DB759E209B99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,?,000820CB,00000001,?), ref: 00081C01
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,00000000,000000FF,?,000820CB,00000001,?), ref: 00081C1C
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,00000000,000000FF,?,000820CB,00000001,?), ref: 00081C37
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,00000000,000000FF,?,000820CB,00000001,?), ref: 00081CA3
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,00000000,000000FF,?,000820CB,00000001,?), ref: 00081CC7
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,00000000,000000FF,?,000820CB,00000001,?), ref: 00081CEB
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,00000000,000000FF,?,000820CB,00000001,?), ref: 00081D0B
                                                                                                          • lstrlenW.KERNEL32(00000000,?,000820CB,00000001,?), ref: 00081D26
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CompareString$lstrlen
                                                                                                          • String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$name$sha1$sha256
                                                                                                          • API String ID: 1657112622-2180710652
                                                                                                          • Opcode ID: 2f5e41a144a089f87ec3a3c6473d53442efe9899e6761373a5b76815d0079fab
                                                                                                          • Instruction ID: 4253bd9d4564cad1452a89f92b55da80cfa12f65e58f2eddb03e2f18ee03e30f
                                                                                                          • Opcode Fuzzy Hash: 2f5e41a144a089f87ec3a3c6473d53442efe9899e6761373a5b76815d0079fab
                                                                                                          • Instruction Fuzzy Hash: E451B531A88712BBDF205F54CC86FA576A9BF15730F204320FAB5AE2D1C7A5E851C791
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,0004C841,InstallerVersion,InstallerVersion,00000000,0004C841,InstallerName,InstallerName,00000000,0004C841,Date,InstalledDate,00000000,0004C841,LogonUser), ref: 0004BADB
                                                                                                            • Part of subcall function 000792ED: RegSetValueExW.ADVAPI32(00020006,00000001,00000000,00000001,00000001,00000002,00000001,000000FF,00000002,00000000,?,?,0004B6E4,00000002,?,?), ref: 00079320
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CloseValue
                                                                                                          • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                          • API String ID: 3132538880-2703781546
                                                                                                          • Opcode ID: b36f4cd24a352ce6996d9d12a9676f49def0a97ed9763c7a398d6bad597bc43c
                                                                                                          • Instruction ID: 78b112b90abc020b703227616acf0bf893904475895f42dcda27b5cd904f0674
                                                                                                          • Opcode Fuzzy Hash: b36f4cd24a352ce6996d9d12a9676f49def0a97ed9763c7a398d6bad597bc43c
                                                                                                          • Instruction Fuzzy Hash: 53418671E40A65B7CF22F694CC06EAE7D75BF00B24F154170FA407A252DBA1DD20A79E
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • Failed to copy download source for passthrough pseudo bundle., xrefs: 000679FD
                                                                                                          • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 00067A5E
                                                                                                          • Failed to copy install arguments for passthrough bundle package, xrefs: 00067AD9
                                                                                                          • Failed to copy key for passthrough pseudo bundle payload., xrefs: 00067A3D
                                                                                                          • Failed to copy local source path for passthrough pseudo bundle., xrefs: 00067A29
                                                                                                          • Failed to copy related arguments for passthrough bundle package, xrefs: 00067AF6
                                                                                                          • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 00067827
                                                                                                          • Failed to allocate memory for pseudo bundle payload hash., xrefs: 00067A1E
                                                                                                          • pseudobundle.cpp, xrefs: 0006781B, 00067A12, 00067A52
                                                                                                          • Failed to copy key for passthrough pseudo bundle., xrefs: 000679F3
                                                                                                          • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 00067B1D
                                                                                                          • Failed to copy filename for passthrough pseudo bundle., xrefs: 00067A33
                                                                                                          • Failed to recreate command-line arguments., xrefs: 00067ABA
                                                                                                          • Failed to copy cache id for passthrough pseudo bundle., xrefs: 00067A79
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateProcess
                                                                                                          • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                                                          • API String ID: 1357844191-115096447
                                                                                                          • Opcode ID: b5f96b6ca22eb7cf98c3d7a2fe104c8e34b6b1d8ec0c817ca1eb6bbf5156c747
                                                                                                          • Instruction ID: 3b126c766c6df1dc75d878de4682cc3f5088c4541017a4b4416ae2d6cb2fee01
                                                                                                          • Opcode Fuzzy Hash: b5f96b6ca22eb7cf98c3d7a2fe104c8e34b6b1d8ec0c817ca1eb6bbf5156c747
                                                                                                          • Instruction Fuzzy Hash: 99B16831A04606EFCB12CF68C881F9ABBE6BF48314F118259ED189F362C775E910DB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • elevation.cpp, xrefs: 000575B7
                                                                                                          • Failed to find ordered patch package: %ls, xrefs: 00057627
                                                                                                          • Failed to execute MSP package., xrefs: 000576A4
                                                                                                          • Failed to read variables., xrefs: 0005765B
                                                                                                          • Failed to read parent hwnd., xrefs: 000574E9
                                                                                                          • Failed to read package log., xrefs: 00057511
                                                                                                          • Failed to read UI level., xrefs: 00057549
                                                                                                          • Failed to find package: %ls, xrefs: 000574C8
                                                                                                          • Failed to read ordered patch package id., xrefs: 00057637
                                                                                                          • Failed to read action., xrefs: 000574A6
                                                                                                          • Failed to allocate memory for ordered patches., xrefs: 000575C1
                                                                                                          • Failed to read ordered patch order number., xrefs: 0005763E
                                                                                                          • Failed to read count of ordered patches., xrefs: 00057585
                                                                                                          • Failed to read rollback flag., xrefs: 00057679
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to allocate memory for ordered patches.$Failed to execute MSP package.$Failed to find ordered patch package: %ls$Failed to find package: %ls$Failed to read UI level.$Failed to read action.$Failed to read count of ordered patches.$Failed to read ordered patch order number.$Failed to read ordered patch package id.$Failed to read package log.$Failed to read parent hwnd.$Failed to read rollback flag.$Failed to read variables.$elevation.cpp
                                                                                                          • API String ID: 2102423945-908036492
                                                                                                          • Opcode ID: f60941dc1ef01052ff3a7b675556921b33dd76c64f1b3861cf2b6019a01393a4
                                                                                                          • Instruction ID: 445702deac8a2716c269814dcf8a6e34768ddb0a59e0e7680e62fc98b5a0c4b9
                                                                                                          • Opcode Fuzzy Hash: f60941dc1ef01052ff3a7b675556921b33dd76c64f1b3861cf2b6019a01393a4
                                                                                                          • Instruction Fuzzy Hash: 90717D72D04A2EBBCF22DA94DC41DEF7BBCAB00351F104162FD09B6151DB719E18ABA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • lstrlenW.KERNEL32(?,?,00064A29,75C08550,?,?,00000000,?,?,?,00000001,00000000,?), ref: 00068EFE
                                                                                                          Strings
                                                                                                          • bitsengine.cpp, xrefs: 00068F14, 00069007
                                                                                                          • Failed to set credentials for BITS job., xrefs: 00068FAC
                                                                                                          • Failed while waiting for BITS download., xrefs: 000690AF
                                                                                                          • Falied to start BITS job., xrefs: 000690B6
                                                                                                          • Failed to copy download URL., xrefs: 00068F45
                                                                                                          • Failed to set callback interface for BITS job., xrefs: 00069036
                                                                                                          • Failed to initialize BITS job callback., xrefs: 0006901F
                                                                                                          • Failed to complete BITS job., xrefs: 000690A8
                                                                                                          • Failed to download BITS job., xrefs: 00069095
                                                                                                          • Failed to create BITS job., xrefs: 00068F8D
                                                                                                          • Invalid BITS engine URL: %ls, xrefs: 00068F20
                                                                                                          • Failed to create BITS job callback., xrefs: 00069011
                                                                                                          • Failed to add file to BITS job., xrefs: 00068FCB
                                                                                                          Similarity
                                                                                                          • API ID: lstrlen
                                                                                                          • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
                                                                                                          • API String ID: 1659193697-2382896028
                                                                                                          • Opcode ID: 440800f9aaa2245375787a84fe0eb39c24b848477ed49923156d9fca060a1a8a
                                                                                                          • Instruction ID: c4a2205f55378144b76257ec17ca920b23697481b2277c6266549ab2c7e757b2
                                                                                                          • Opcode Fuzzy Hash: 440800f9aaa2245375787a84fe0eb39c24b848477ed49923156d9fca060a1a8a
                                                                                                          • Instruction Fuzzy Hash: A661EA31A41225EFDF219F94C885DAE7BBAEF04710B118156FD09AF251DB72DD009B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,0006200E,?), ref: 00061AFE
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0006200E,?,?,?), ref: 00061B0B
                                                                                                          • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,0006200E,?,?,?), ref: 00061B4B
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0006200E,?,?,?), ref: 00061B57
                                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 00061C54
                                                                                                          • CloseServiceHandle.ADVAPI32(?), ref: 00061C5E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Service$CloseErrorHandleLastOpen$Manager
                                                                                                          • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • elevation.cpp, xrefs: 000572D9, 00057361
                                                                                                          • Failed to read variables., xrefs: 000573C7
                                                                                                          • Failed to allocate memory for slipstream patch actions., xrefs: 0005736D
                                                                                                          • Failed to execute MSI package., xrefs: 00057410
                                                                                                          • Failed to read parent hwnd., xrefs: 00057240
                                                                                                          • Failed to allocate memory for feature actions., xrefs: 000572E5
                                                                                                          • Failed to read package log., xrefs: 00057261
                                                                                                          • Failed to read feature action., xrefs: 0005732E
                                                                                                          • Failed to read slipstream action., xrefs: 000573AA
                                                                                                          • Failed to read UI level., xrefs: 00057282
                                                                                                          • Failed to find package: %ls, xrefs: 00057216
                                                                                                          • Failed to read action., xrefs: 000571F4
                                                                                                          • Failed to read rollback flag., xrefs: 000573E5
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to allocate memory for feature actions.$Failed to allocate memory for slipstream patch actions.$Failed to execute MSI package.$Failed to find package: %ls$Failed to read UI level.$Failed to read action.$Failed to read feature action.$Failed to read package log.$Failed to read parent hwnd.$Failed to read rollback flag.$Failed to read slipstream action.$Failed to read variables.$elevation.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000000,000000FF,?,00000000), ref: 0007F6BA
                                                                                                          • GetLastError.KERNEL32 ref: 0007F6C8
                                                                                                          • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 0007F709
                                                                                                          • GetLastError.KERNEL32 ref: 0007F716
                                                                                                          • InternetCloseHandle.WININET(?), ref: 0007F7E7
                                                                                                          • InternetCloseHandle.WININET(?), ref: 0007F7F6
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007F8B8
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007F8C3
                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0007F8E5
                                                                                                          • CloseHandle.KERNEL32(?), ref: 0007F8F4
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$Internet$ErrorLastVirtual$AllocCreateFileFree
                                                                                                          • String ID: GET$Range: bytes=%I64u-$Range: bytes=%I64u-%I64u$dlutil.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0004B294
                                                                                                          Strings
                                                                                                          • registration.cpp, xrefs: 0004B1A1
                                                                                                          • Failed to allocate memory for software tag structs., xrefs: 0004B1AB
                                                                                                          • Failed to get @Regid., xrefs: 0004B2DF
                                                                                                          • Failed to get software tag count., xrefs: 0004B170
                                                                                                          • Failed to convert SoftwareTag text to UTF-8, xrefs: 0004B2C9
                                                                                                          • Failed to get next node., xrefs: 0004B2ED
                                                                                                          • Regid, xrefs: 0004B1FD
                                                                                                          • Failed to get SoftwareTag text., xrefs: 0004B2D8
                                                                                                          • Failed to select software tag nodes., xrefs: 0004B153
                                                                                                          • Filename, xrefs: 0004B1E2
                                                                                                          • Failed to get @Filename., xrefs: 0004B2E6
                                                                                                          • SoftwareTag, xrefs: 0004B132
                                                                                                          Similarity
                                                                                                          • API ID: FreeString
                                                                                                          • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Regid$SoftwareTag$registration.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00043335
                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 00043356
                                                                                                          • GetLastError.KERNEL32 ref: 00043360
                                                                                                          • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 000433A3
                                                                                                          • GetLastError.KERNEL32 ref: 000433AD
                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 000434B8
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc_memset
                                                                                                          • String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 000814AA
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 000814CE
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 000814ED
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00081524
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 0008153F
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0008156A
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000815E9
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00081635
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: String$Compare$Free
                                                                                                          • String ID: href$length$rel$title$type
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0004699C
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000469E3
                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000100,00000000,000000B8,00000100,00000000,000000B8), ref: 00046AE1
                                                                                                          Strings
                                                                                                          • Failed to format value string., xrefs: 000469EE
                                                                                                          • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00046A57
                                                                                                          • Failed to query registry key value., xrefs: 00046A42
                                                                                                          • Failed to set variable., xrefs: 00046A9C
                                                                                                          • Failed to open registry key. Key = '%ls', xrefs: 00046AA3
                                                                                                          • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 00046AB9
                                                                                                          • Failed to format key string., xrefs: 000469A7
                                                                                                          • Registry key not found. Key = '%ls', xrefs: 00046A73
                                                                                                          • search.cpp, xrefs: 00046A38
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Open@16$Close
                                                                                                          • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0004FCE5
                                                                                                          • GetTempPathW.KERNEL32(00000104,?,?,00000000,0000000D), ref: 0004FD12
                                                                                                          • GetLastError.KERNEL32(?,00000000,0000000D), ref: 0004FD1C
                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000001,?,00000104,?,?,00000000,0000000D), ref: 0004FD85
                                                                                                          • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,0000000D), ref: 0004FD8C
                                                                                                          Strings
                                                                                                          • %u\, xrefs: 0004FDA6
                                                                                                          • Failed to get length of session id string., xrefs: 0004FDDE
                                                                                                          • Failed to get length of temp folder., xrefs: 0004FD6B
                                                                                                          • Failed to copy temp folder., xrefs: 0004FE3B
                                                                                                          • Failed to format session id as a string., xrefs: 0004FDBA
                                                                                                          • logging.cpp, xrefs: 0004FD40
                                                                                                          • Failed to get temp folder., xrefs: 0004FD4A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Process$CurrentErrorLastPathSessionTemp_memset
                                                                                                          • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$logging.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 0007735D
                                                                                                          • _memset.LIBCMT ref: 00077375
                                                                                                          • GetComputerNameW.KERNEL32(?,?), ref: 000773B5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Name$ComputerFileModule_memset
                                                                                                          • String ID: --- logging level: %hs ---$4$<$=== Logging started: %ls ===$Computer : %ls$D$Executable: %ls v%d.%d.%d.%d$P$X$`
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • InternetOpenW.WININET(Burn,00000000,00000000,00000000,00000000), ref: 00080154
                                                                                                          • GetLastError.KERNEL32 ref: 00080160
                                                                                                          • InternetSetOptionW.WININET(00000000,00000002,00000000,00000004), ref: 000801C7
                                                                                                          • InternetSetOptionW.WININET(00000000,00000006,00000000,00000004), ref: 000801D2
                                                                                                          • InternetSetOptionW.WININET(00000000,00000005,00000000,00000004), ref: 000801DD
                                                                                                          • DeleteFileW.KERNEL32(00000000,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00080257
                                                                                                          • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00080266
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0008027E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Internet$Option$CloseHandle$DeleteErrorFileLastOpen
                                                                                                          • String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0005665A
                                                                                                          • WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 00056699
                                                                                                          • WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 000566B3
                                                                                                          • WTHelperProvDataFromStateData.WINTRUST(00000000,000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 000566FB
                                                                                                          • GetLastError.KERNEL32(00000000,000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 00056704
                                                                                                          • WTHelperGetProvSignerFromChain.WINTRUST(00000000,00000000,00000000,00000000,00000000,000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 0005673F
                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,00000000,000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 00056748
                                                                                                          Strings
                                                                                                          • cache.cpp, xrefs: 000566DA, 00056728, 0005676C
                                                                                                          • Failed to get provider state from authenticode certificate., xrefs: 00056732
                                                                                                          • Failed to get signer chain from authenticode certificate., xrefs: 00056776
                                                                                                          • Failed authenticode verification of payload: %ls, xrefs: 000566E5
                                                                                                          • Failed to verify expected payload against actual certificate chain., xrefs: 0005678E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: DataErrorFromHelperLastProvTrustVerify$ChainSignerState_memset
                                                                                                          • String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,000562C7,?,00000000,?,?,00000000), ref: 000551B0
                                                                                                          • GetLastError.KERNEL32(?,000562C7,?,00000000,?,?,00000000,?,00000000,?,00000000,00000000,?,00056E63,?,?), ref: 000551C0
                                                                                                          • CloseHandle.KERNEL32(?,00000000,00000001,00000003,000007D0,?,?,00000000,?), ref: 000552CA
                                                                                                          Strings
                                                                                                          • cache.cpp, xrefs: 000551E4
                                                                                                          • %ls payload from working path '%ls' to path '%ls', xrefs: 00055275
                                                                                                          • Failed to move %ls to %ls, xrefs: 000552A2
                                                                                                          • Failed to open payload in working path: %ls, xrefs: 000551EF
                                                                                                          • Failed to copy %ls to %ls, xrefs: 000552B8
                                                                                                          • Failed to verify payload signature: %ls, xrefs: 0005522A
                                                                                                          • Moving, xrefs: 0005526C, 00055274
                                                                                                          • Copying, xrefs: 0005525F
                                                                                                          • Failed to verify payload hash: %ls, xrefs: 0005524C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                                                          • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                                                          • API String ID: 2528220319-1604654059
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000001,000000B8,00000000,00000100,00000000,00000001), ref: 000437E8
                                                                                                            • Part of subcall function 0004210F: CompareStringW.KERNELBASE(0000007F,00001000,00000100,000000FF,?,000000FF,00000000,00000000,00000000,?,?,?,000427EC,00000000,00000100,00000000), ref: 0004214B
                                                                                                            • Part of subcall function 0004210F: GetLastError.KERNEL32(?,?,?,000427EC,00000000,00000100,00000000,00000000,00000000,?,?,00043D08,00000000,00000100,00000000), ref: 00042174
                                                                                                          • LeaveCriticalSection.KERNEL32(00000001,00000001,?), ref: 00043947
                                                                                                          Strings
                                                                                                          • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 000438D5
                                                                                                          • Setting string variable '%ls' to value '%ls', xrefs: 000438F8
                                                                                                          • Attempt to set built-in variable value: %ls, xrefs: 00043864
                                                                                                          • Failed to set value of variable: %ls, xrefs: 00043938
                                                                                                          • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00043959
                                                                                                          • Failed to insert variable '%ls'., xrefs: 00043824
                                                                                                          • variable.cpp, xrefs: 00043859
                                                                                                          • Failed to find variable value '%ls'., xrefs: 00043803
                                                                                                          • Setting hidden variable '%ls', xrefs: 00043896
                                                                                                          • Setting numeric variable '%ls' to value %lld, xrefs: 0004390F
                                                                                                          • Unsetting variable '%ls', xrefs: 000438EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                          • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                          • API String ID: 2716280545-445000439
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • Failed to create string array from ancestors., xrefs: 0004F0F9
                                                                                                          • UX aborted plan related bundle., xrefs: 0004F3FA
                                                                                                          • Failed to copy ancestors and self to related bundle ancestors., xrefs: 0004F1D5
                                                                                                          • Failed to lookup the bundle ID in the ancestors dictionary., xrefs: 0004F3C3
                                                                                                          • Failed to copy self to related bundle ancestors., xrefs: 0004F401
                                                                                                          • Failed to add the package provider key "%ls" to the planned list., xrefs: 0004F3DA
                                                                                                          • Unexpected relation type encountered during plan: %d, xrefs: 0004F3D1
                                                                                                          • %ls;%ls, xrefs: 0004F1BD
                                                                                                          • Failed to create dictionary from ancestors array., xrefs: 0004F11A
                                                                                                          • plan.cpp, xrefs: 0004F3F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _wcstok_s
                                                                                                          • String ID: %ls;%ls$Failed to add the package provider key "%ls" to the planned list.$Failed to copy ancestors and self to related bundle ancestors.$Failed to copy self to related bundle ancestors.$Failed to create dictionary from ancestors array.$Failed to create string array from ancestors.$Failed to lookup the bundle ID in the ancestors dictionary.$UX aborted plan related bundle.$Unexpected relation type encountered during plan: %d$plan.cpp
                                                                                                          • API String ID: 86363921-489706565
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to read the list of ancestors., xrefs: 0005706E
                                                                                                          • Failed to find package: %ls, xrefs: 000570C7
                                                                                                          • Failed to read action., xrefs: 00057011
                                                                                                          • Failed to allocate the list of ancestors., xrefs: 0005711A
                                                                                                          • Failed to read variables., xrefs: 0005708C
                                                                                                          • Failed to read rollback., xrefs: 00057030
                                                                                                          • Failed to read the list of dependencies to ignore., xrefs: 0005704F
                                                                                                          • Failed to allocate the list of dependencies to ignore., xrefs: 000570F6
                                                                                                          • Failed to execute EXE package., xrefs: 00057142
                                                                                                          • Failed to read exe package., xrefs: 00056FF2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to allocate the list of ancestors.$Failed to allocate the list of dependencies to ignore.$Failed to execute EXE package.$Failed to find package: %ls$Failed to read action.$Failed to read exe package.$Failed to read rollback.$Failed to read the list of ancestors.$Failed to read the list of dependencies to ignore.$Failed to read variables.
                                                                                                          • API String ID: 2102423945-3515908195
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • InternetCloseHandle.WININET(?), ref: 0007FB60
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007FB70
                                                                                                          • InternetConnectW.WININET(00000000,000801FA,00000000,?,?,00000003,00000000,00000000), ref: 0007FBCE
                                                                                                          • lstrlenW.KERNEL32(?), ref: 0007FBF6
                                                                                                          • InternetSetOptionW.WININET(00000000,0000002B,?,00000000), ref: 0007FC07
                                                                                                          • lstrlenW.KERNEL32(?), ref: 0007FC0E
                                                                                                          • InternetSetOptionW.WININET(00000000,0000002C,?,00000000), ref: 0007FC19
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007FCAC
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007FCB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Internet$CloseHandle$Optionlstrlen$Connect
                                                                                                          • String ID: dlutil.cpp
                                                                                                          • API String ID: 1145286777-2067379296
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastVersion_memset
                                                                                                          • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 2058586872-1971907631
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 0005A9AD
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0005AADA
                                                                                                          Strings
                                                                                                          • EngineForApplication.cpp, xrefs: 0005AABB
                                                                                                          • Engine is active, cannot change engine state., xrefs: 0005A9C8
                                                                                                          • Failed to copy the id., xrefs: 0005AA3F
                                                                                                          • Failed to post launch approved exe message., xrefs: 0005AAC5
                                                                                                          • UX requested unknown approved exe with id: %ls, xrefs: 0005AA0D
                                                                                                          • Failed to copy the arguments., xrefs: 0005AA6C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                                                          • String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                                                          • API String ID: 1367039788-528931743
                                                                                                          • Opcode ID: db3f3952cd53d33a5ab14849d68e594e48529f7490548ec07b788323b7e96fef
                                                                                                          • Instruction ID: 25da81efb0685d96091868141bc86cd2cdb0245478efaea43e21878feb75a9e9
                                                                                                          • Opcode Fuzzy Hash: db3f3952cd53d33a5ab14849d68e594e48529f7490548ec07b788323b7e96fef
                                                                                                          • Instruction Fuzzy Hash: 7831E332B40625AFDB119F24DD05EAB3798EF01761B018221FD09EB252EB74DD00C7D6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00056258,?,00000000,?,?,00000000), ref: 0005509A
                                                                                                          • GetLastError.KERNEL32(?,00056258,?,00000000,?,?,00000000,00000000,00000000,?,00000000,00000000,?,00056E44,?,?), ref: 000550A8
                                                                                                          • CloseHandle.KERNEL32(?,00000000,00000001,00000003,000007D0,?,?,00000000,?), ref: 00055187
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                                                          • String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                                                          • API String ID: 2528220319-1187406825
                                                                                                          • Opcode ID: 7086572e17b794596cb2c26d2ba250a0cda21dd1997c5e7978053e1126844ac4
                                                                                                          • Instruction ID: 515834e67c77589a38c9172286db89aac1d8336e20e467f51cadce40fb7603d2
                                                                                                          • Opcode Fuzzy Hash: 7086572e17b794596cb2c26d2ba250a0cda21dd1997c5e7978053e1126844ac4
                                                                                                          • Instruction Fuzzy Hash: 71213A72E40F247FEB3129248C06FAB3A6CDF41B62F114115FE08BA2C2D6A59C11D6E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000001,00000001,?,00000001,00000000), ref: 00044761
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?), ref: 00044956
                                                                                                          Strings
                                                                                                          • Failed to write variable value as string., xrefs: 00044920
                                                                                                          • Failed to get string, xrefs: 00044927
                                                                                                          • Unsupported variable type., xrefs: 00044919
                                                                                                          • Failed to write variable value type., xrefs: 00044935
                                                                                                          • Failed to get version, xrefs: 0004490D
                                                                                                          • Failed to write variable value as number., xrefs: 00044906
                                                                                                          • Failed to get numeric, xrefs: 0004492E
                                                                                                          • Failed to write variable name., xrefs: 0004493C
                                                                                                          • Failed to write variable count., xrefs: 0004477B
                                                                                                          • Failed to write included flag., xrefs: 00044943
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Failed to get numeric$Failed to get string$Failed to get version$Failed to write included flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.
                                                                                                          • API String ID: 3168844106-272591488
                                                                                                          • Opcode ID: da7645f92c55c52f7cc0481c3dfc7c42995b78f4aabc87c49a065f53ec3ff827
                                                                                                          • Instruction ID: 75bff7600002c64612dea5c0746bb0a77bdb61587b6e284d705eab2162df9a51
                                                                                                          • Opcode Fuzzy Hash: da7645f92c55c52f7cc0481c3dfc7c42995b78f4aabc87c49a065f53ec3ff827
                                                                                                          • Instruction Fuzzy Hash: 5961A072C04A1AEBCF22DE94C800BAF7BA5FF04311F118166F915BB151DB329D51AB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000005,?,00000003,08000080), ref: 0007DC05
                                                                                                          • GetLastError.KERNEL32(?,80000000,00000005,?,00000003,08000080), ref: 0007DC1B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateErrorFileLast
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 1214770103-2967768451
                                                                                                          • Opcode ID: 7e72180f24596fba36740992850dfcbd442f65d22a4fd5727f611e5dd9d3fd71
                                                                                                          • Instruction ID: 120d313b52f00b5cd1612967205f1a17b85e24775463902c54f543aacbc53421
                                                                                                          • Opcode Fuzzy Hash: 7e72180f24596fba36740992850dfcbd442f65d22a4fd5727f611e5dd9d3fd71
                                                                                                          • Instruction Fuzzy Hash: 7A61C331E40616EBEB329E688C44BAE76F9EF44750F11812AFD59EB280D67DDC00969C
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00077F89
                                                                                                          • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 00077FD4
                                                                                                          • GetLastError.KERNEL32 ref: 00077FDE
                                                                                                          • GetLocalTime.KERNEL32(?,?,?,?,00000000,?), ref: 00078079
                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00078107
                                                                                                          • GetLastError.KERNEL32 ref: 00078114
                                                                                                          • Sleep.KERNEL32(00000064), ref: 00078126
                                                                                                          • CloseHandle.KERNEL32(?), ref: 00078186
                                                                                                          Strings
                                                                                                          • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 000780D7
                                                                                                          • pathutil.cpp, xrefs: 00078002
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime_memset
                                                                                                          • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                          • API String ID: 820914711-1101990113
                                                                                                          • Opcode ID: f0d17152ebf7e456a9dd386bab6df1d00abc412a5d8e002acc11c0ee1897eec9
                                                                                                          • Instruction ID: b7a2832651a6168c40c8a5d5f376fb0a0d9fb2944c1c888cecd2ff689c0d50aa
                                                                                                          • Opcode Fuzzy Hash: f0d17152ebf7e456a9dd386bab6df1d00abc412a5d8e002acc11c0ee1897eec9
                                                                                                          • Instruction Fuzzy Hash: C8718771D41629ABDB609BA4DC4DBEEB3F8AB09710F4081A5F908E7191DB389D81CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0005492E
                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 00054A53
                                                                                                          Strings
                                                                                                          • cache.cpp, xrefs: 000549FE
                                                                                                          • Failed to allocate access for Administrators group to path: %ls, xrefs: 0005495A
                                                                                                          • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 0005497B
                                                                                                          • Failed to allocate access for Users group to path: %ls, xrefs: 000549BD
                                                                                                          • Failed to create ACL to secure cache path: %ls, xrefs: 00054A09
                                                                                                          • Failed to allocate access for Everyone group to path: %ls, xrefs: 0005499C
                                                                                                          • Failed to secure cache path: %ls, xrefs: 00054A36
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeLocal_memset
                                                                                                          • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
                                                                                                          • API String ID: 3302596199-4113288589
                                                                                                          • Opcode ID: f574587f76b8263fcc648ec63cf4957e43af696c0f29af109638f73cb18693e8
                                                                                                          • Instruction ID: cdedd5dad72a89e8732e64e1b2f94202ea087adb67837d7e767c7b55944465f2
                                                                                                          • Opcode Fuzzy Hash: f574587f76b8263fcc648ec63cf4957e43af696c0f29af109638f73cb18693e8
                                                                                                          • Instruction Fuzzy Hash: 95410A32E81229BBEB319A508C05FEB76ACEF40715F014165BE04FB182EA615D88D7D5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • UuidCreate.RPCRT4(?), ref: 00050E80
                                                                                                          • StringFromGUID2.OLE32(?,?,00000027), ref: 00050E9D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateFromStringUuid
                                                                                                          • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                                                          • API String ID: 4041566446-2510341293
                                                                                                          • Opcode ID: eeba6f1435e6b7228bf840623a65336cd11cc78cb5701684da46fd128902de13
                                                                                                          • Instruction ID: acaefd3780c9af26229056cfe03585ffce88b006e52cbdbef26c5b4c0d45394d
                                                                                                          • Opcode Fuzzy Hash: eeba6f1435e6b7228bf840623a65336cd11cc78cb5701684da46fd128902de13
                                                                                                          • Instruction Fuzzy Hash: 18415E72D40308EBDB21EAE4CC45EDFB7F8AB45711F214226ED09BB241D6749A09CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetSystemTime.KERNEL32(?), ref: 00042A8A
                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 00042A9E
                                                                                                          • GetLastError.KERNEL32 ref: 00042AB0
                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 00042B03
                                                                                                          • GetLastError.KERNEL32 ref: 00042B0D
                                                                                                          Strings
                                                                                                          • Failed to allocate the buffer for the Date., xrefs: 00042AEB
                                                                                                          • Failed to get the required buffer length for the Date., xrefs: 00042AD4
                                                                                                          • variable.cpp, xrefs: 00042ACA, 00042B27
                                                                                                          • Failed to set variant value., xrefs: 00042B4A
                                                                                                          • Failed to get the Date., xrefs: 00042B31
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DateErrorFormatLast$SystemTime
                                                                                                          • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 2700948981-3682088697
                                                                                                          • Opcode ID: 0e9e1d3902e622a8e1a39b33620f2f4f6c9fddafd92eacc9d493f6170cad1793
                                                                                                          • Instruction ID: 57f11aebfd09f9aaf179e10e1f0de8e8788b60007998bec483cd7cabf9e01cf0
                                                                                                          • Opcode Fuzzy Hash: 0e9e1d3902e622a8e1a39b33620f2f4f6c9fddafd92eacc9d493f6170cad1793
                                                                                                          • Instruction Fuzzy Hash: 5A31C472F40619BBDB21AAA8CC45FEFBBA8EB44710F114035FA44B7151EB659C0487E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 00059FB8
                                                                                                          • GetLastError.KERNEL32 ref: 00059FC5
                                                                                                          • CreateThread.KERNEL32(00000000,00000000,00059D1C,?,00000000,?), ref: 0005A01C
                                                                                                          • GetLastError.KERNEL32 ref: 0005A029
                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 0005A06C
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0005A080
                                                                                                          • CloseHandle.KERNEL32(?), ref: 0005A08D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                          • String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                                                          • API String ID: 2351989216-1977201954
                                                                                                          • Opcode ID: e1fcfe3a55408336b2be229f241abff7e73d7c237fc1d840e146467756e08d91
                                                                                                          • Instruction ID: 1495f705f290d15bd8211408db979dab0af287ca8f04882afa7b616bfc6d5a01
                                                                                                          • Opcode Fuzzy Hash: e1fcfe3a55408336b2be229f241abff7e73d7c237fc1d840e146467756e08d91
                                                                                                          • Instruction Fuzzy Hash: A5319175D00619BFEB109FA9CC04AAFBBF8FF85711F10422AFD14F6190E6744A008BA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00042FFF
                                                                                                          • GetSystemWow64DirectoryW.KERNEL32(?,00000104), ref: 0004301A
                                                                                                          • GetLastError.KERNEL32 ref: 00043028
                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00043069
                                                                                                          • GetLastError.KERNEL32 ref: 00043073
                                                                                                          Strings
                                                                                                          • Failed to get 64-bit system folder., xrefs: 000430A1
                                                                                                          • Failed to get 32-bit system folder., xrefs: 00043062
                                                                                                          • variable.cpp, xrefs: 00043058, 00043097
                                                                                                          • Failed to backslash terminate system folder., xrefs: 000430C5
                                                                                                          • Failed to set system folder variant value., xrefs: 000430E1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DirectoryErrorLastSystem$Wow64_memset
                                                                                                          • String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                                                          • API String ID: 3186313095-1590374846
                                                                                                          • Opcode ID: eb6a3def4a92807037cdf07bc3ba3c37233f2c539b5df3339c4109feb5c502c9
                                                                                                          • Instruction ID: 1ebfc35c5689925ae95ab0bd351783f3c38536e8d289bf388733d76af8222c83
                                                                                                          • Opcode Fuzzy Hash: eb6a3def4a92807037cdf07bc3ba3c37233f2c539b5df3339c4109feb5c502c9
                                                                                                          • Instruction Fuzzy Hash: 40212B71F44725A7E730A7649C1AB9B37D8AF00750F114375FD48EB181EA65DE0087E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,0004222A,00000000,000000FF,?,74DF2F60,0004222A,?,00041F6E,00041E2E,00000000,00041EB6,00041EB6,WixBundleElevated,?,?), ref: 0005CBA4
                                                                                                          • GetLastError.KERNEL32 ref: 0005CBB7
                                                                                                          • GetExitCodeThread.KERNEL32(?,?), ref: 0005CC03
                                                                                                          • GetLastError.KERNEL32 ref: 0005CC11
                                                                                                          • ResetEvent.KERNEL32(?), ref: 0005CC4C
                                                                                                          • GetLastError.KERNEL32 ref: 0005CC56
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                          • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                          • API String ID: 2979751695-3400260300
                                                                                                          • Opcode ID: 970ca57cefea1dc48bdc94221a305538c5e07455d78cb4e02285c2129b08789f
                                                                                                          • Instruction ID: a2b53564ae6786ad635bb19dccea36d93298896e2fb6b7e478a187a3d56053d4
                                                                                                          • Opcode Fuzzy Hash: 970ca57cefea1dc48bdc94221a305538c5e07455d78cb4e02285c2129b08789f
                                                                                                          • Instruction Fuzzy Hash: 7531A271A40704AFFF189B758D15ABFBAF8BF04711F10412EF94AD61A0E6749A009F54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast_memset$DirectoryNamePathVolumeWindows
                                                                                                          • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 2690897267-4026719079
                                                                                                          • Opcode ID: 17a6c0479da60bef37d1fff31a47d88be5216cd57e1a263229011cf805119a62
                                                                                                          • Instruction ID: 9c04ec5a0ffa2dbb349144b77cfbaf37f8bf435ae9a08d8eac12a1b7c14e7abf
                                                                                                          • Opcode Fuzzy Hash: 17a6c0479da60bef37d1fff31a47d88be5216cd57e1a263229011cf805119a62
                                                                                                          • Instruction Fuzzy Hash: FC210BB2E4072867E720AA749C09FDB72ECBB41710F014175BD09F7181EA35AE0087E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetEvent.KERNEL32(2798E857,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?), ref: 0005CCBC
                                                                                                          • GetLastError.KERNEL32(?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?,00041EFA,5050C033,00041EFA), ref: 0005CCC6
                                                                                                          • WaitForSingleObject.KERNEL32(50E87D8B,000000FF,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?,00041EFA), ref: 0005CD00
                                                                                                          • GetLastError.KERNEL32(?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?,00041EFA,5050C033,00041EFA), ref: 0005CD0A
                                                                                                          • CloseHandle.KERNEL32(50E87D8B,00041EFA,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000), ref: 0005CD55
                                                                                                          • CloseHandle.KERNEL32(2798E857,00041EFA,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000), ref: 0005CD64
                                                                                                          • CloseHandle.KERNEL32(F08B0000,00041EFA,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000), ref: 0005CD73
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                                                          • String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                                                          • API String ID: 1206859064-226982402
                                                                                                          • Opcode ID: 91b2465097c9809388c8762dca6852ef0b0ea25b8a4b2105916edde416e0733e
                                                                                                          • Instruction ID: 5bd053710fe98a291bc280376f0a260aaba441bfe8f0404601ac473f31d61faf
                                                                                                          • Opcode Fuzzy Hash: 91b2465097c9809388c8762dca6852ef0b0ea25b8a4b2105916edde416e0733e
                                                                                                          • Instruction Fuzzy Hash: 5221B132140B00AFF7715B26CC09B53BAF5BB84752F00462DEA8A911A0DBB9A804DF28
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,00000100), ref: 0004399E
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,0000010C,00000100,?), ref: 00043B75
                                                                                                          Strings
                                                                                                          • Failed to read variable value as string., xrefs: 00043B49
                                                                                                          • Failed to read variable value as number., xrefs: 00043B36
                                                                                                          • Unsupported variable type., xrefs: 00043B42
                                                                                                          • Failed to read variable count., xrefs: 000439BE
                                                                                                          • Failed to set variable., xrefs: 00043B50
                                                                                                          • Failed to set variable value., xrefs: 00043B2F
                                                                                                          • Failed to read variable name., xrefs: 00043B5E
                                                                                                          • Failed to read variable value type., xrefs: 00043B57
                                                                                                          • Failed to read variable included flag., xrefs: 00043B65
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                                                          • API String ID: 3168844106-2109580988
                                                                                                          • Opcode ID: 82c6eb4342aec34595b2f73903e2af62463d0dd0bf0413e25d6c58d04540f830
                                                                                                          • Instruction ID: c966f54dc12cc995abf441978f8d5de283f0bb34448ba5e564ca685d66c2c35a
                                                                                                          • Opcode Fuzzy Hash: 82c6eb4342aec34595b2f73903e2af62463d0dd0bf0413e25d6c58d04540f830
                                                                                                          • Instruction Fuzzy Hash: BF61A0B1C0061EBADF219A94CC06FEEBBB8EB04720F105165FA41BA151DB719E508BE9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00059ECB
                                                                                                          • DefWindowProcW.USER32(?,00000082,?,?), ref: 00059F07
                                                                                                          • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00059F14
                                                                                                          • SetWindowLongW.USER32(?,000000EB,?), ref: 00059F23
                                                                                                          • DefWindowProcW.USER32(?,?,?,?), ref: 00059F31
                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 00059F3D
                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00059F4E
                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00059F70
                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00059F78
                                                                                                          • DeleteDC.GDI32(00000000), ref: 00059F7B
                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00059F89
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                          • String ID:
                                                                                                          • API String ID: 409979828-0
                                                                                                          • Opcode ID: 2df0a7d1cdc4370d5c95228066a8f79f412bf09921b37362f4e8cdef4920b75e
                                                                                                          • Instruction ID: c80da54da7cd21be74859cfffd5a5f2a652023b90c28a97838ae68aab56a2fe2
                                                                                                          • Opcode Fuzzy Hash: 2df0a7d1cdc4370d5c95228066a8f79f412bf09921b37362f4e8cdef4920b75e
                                                                                                          • Instruction Fuzzy Hash: D821A176104204FFEB155FA4DC4CE7B7FA8FF49362B154628FA56D61A0C6758810DB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?,00000000,?,?,?,?,?,00000001,00000000), ref: 0004EDAC
                                                                                                            • Part of subcall function 00062D1F: _wcstok_s.LIBCMT ref: 00062D76
                                                                                                          Strings
                                                                                                          • Failed to add registration action for dependent related bundle., xrefs: 0004F0B4
                                                                                                          • Failed to check for remaining dependents during planning., xrefs: 0004EF52
                                                                                                          • Failed to add registration action for self dependent., xrefs: 0004F07D
                                                                                                          • Failed to add dependents ignored from command-line., xrefs: 0004EE61
                                                                                                          • Failed to add dependent bundle provider key to ignore dependents., xrefs: 0004EF16
                                                                                                          • Failed to create the string dictionary., xrefs: 0004EDE5
                                                                                                          • Failed to allocate registration action., xrefs: 0004EE15
                                                                                                          • Failed to add self-dependent to ignore dependents., xrefs: 0004EE30
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareString_wcstok_s
                                                                                                          • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.
                                                                                                          • API String ID: 3211832249-2086987450
                                                                                                          • Opcode ID: c03143116d84b12aee980309ea895bcdb039d9d39317910f84aae8c1e82ebb17
                                                                                                          • Instruction ID: 3f22c0c07d54e4973f2d40a3e18558b8ae6bd0195a9d270ce93586029f300ccf
                                                                                                          • Opcode Fuzzy Hash: c03143116d84b12aee980309ea895bcdb039d9d39317910f84aae8c1e82ebb17
                                                                                                          • Instruction Fuzzy Hash: 9CB189B0A00616EFDF25AF64C881BAE7BE1BF48740F008179F815AB252D771DA60DBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000040,00000000,00000000), ref: 00078221
                                                                                                          • GetLastError.KERNEL32 ref: 0007822B
                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00078279
                                                                                                          • GetLastError.KERNEL32 ref: 00078283
                                                                                                          • GetFullPathNameW.KERNEL32(00000000,00000040,00000000,00000000,00000000,00000040,00000000,00000000), ref: 00078340
                                                                                                          • GetLastError.KERNEL32 ref: 0007834A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$EnvironmentExpandStrings$FullNamePath
                                                                                                          • String ID: pathutil.cpp
                                                                                                          • API String ID: 3720696297-741606033
                                                                                                          • Opcode ID: 23b26ba0a954035b18ad18eaf278db8656d33bf0fef0686d14375daf9efc8048
                                                                                                          • Instruction ID: 903fe25b41ae22320defd5aa48b9eb987d4ca46db84a739b2285a4dcab41d3e2
                                                                                                          • Opcode Fuzzy Hash: 23b26ba0a954035b18ad18eaf278db8656d33bf0fef0686d14375daf9efc8048
                                                                                                          • Instruction Fuzzy Hash: 7D61C772E40629ABDF219AA48C4CBEF76E8EF40750F11C165EE09E7150EB7D8E0097D4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,74DEDFD0,?,00080F19,?,?), ref: 000809F5
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080A60
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080AD8
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080B1A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$Free$Compare
                                                                                                          • String ID: label$scheme$term
                                                                                                          • API String ID: 1324494773-4117840027
                                                                                                          • Opcode ID: 58bd462711ab0144d88d5566434999e476913f98a7f431a4da8149664a6ed383
                                                                                                          • Instruction ID: 5be3afc81862b1692728f0f40a3ecb2bb7320f6d269f47aa9317df0f4f759cac
                                                                                                          • Opcode Fuzzy Hash: 58bd462711ab0144d88d5566434999e476913f98a7f431a4da8149664a6ed383
                                                                                                          • Instruction Fuzzy Hash: 9E517B31D01219FBDF55EBA4CC94FAEBBB8BF04321F2042A9E451AB2A1D7719E04DB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00042306,000000FF,0004222E,00041FEE,00041E2E,00000000,00041EFA,00042306,0004222A,0004222E,00041F6E,0004230A), ref: 0004910C
                                                                                                          Strings
                                                                                                          • Failed to get next stream., xrefs: 00049218
                                                                                                          • Failed to extract file., xrefs: 000491EA
                                                                                                          • Failed to find embedded payload: %ls, xrefs: 00049211
                                                                                                          • Failed to get directory portion of local file path, xrefs: 00049200
                                                                                                          • payload.cpp, xrefs: 0004922A
                                                                                                          • Failed to concat file paths., xrefs: 00049207
                                                                                                          • Payload was not found in container: %ls, xrefs: 00049236
                                                                                                          • Failed to ensure directory exists, xrefs: 000491F1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareString
                                                                                                          • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                          • API String ID: 1825529933-1711239286
                                                                                                          • Opcode ID: 7290f91b7957bad50f822b5a11571b30f532143e721d985b1a6e7c489ef90d10
                                                                                                          • Instruction ID: ec05c9f2b7cec4900643e24abc9d024902a7d55dd0cf3b383d3a1559cd72c133
                                                                                                          • Opcode Fuzzy Hash: 7290f91b7957bad50f822b5a11571b30f532143e721d985b1a6e7c489ef90d10
                                                                                                          • Instruction Fuzzy Hash: 1D51E1B1D0022AEFCF21AF84CD859AFBBB4FF40750F1481B6E914AB261D6719D40CB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNEL32(00000002,00000000,00000002,00000000,?,?,?,00000002,00000000,00000000,?,?,000660CC,?,00000001,00000000), ref: 00064DB9
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000002,00000000,00000000,?,?,000660CC,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00064DC3
                                                                                                          • CopyFileExW.KERNEL32(00000002,00000002,00064C14,00000000,00000020,00000000,00000002,00000000,?,?,?,00000002,00000000,00000000), ref: 00064E11
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000002,00000000,00000000,?,?,000660CC,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00064E40
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLast$AttributesCopy
                                                                                                          • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                          • API String ID: 1969131206-836986073
                                                                                                          • Opcode ID: 90572704916dd53ee7c6b48dbb14837fdd34f07c88a5c42e80f0ddd85efbc35a
                                                                                                          • Instruction ID: 76f92bae8414efa08f2ec0e79d131f50af30299285b292edc7c25a42785fec89
                                                                                                          • Opcode Fuzzy Hash: 90572704916dd53ee7c6b48dbb14837fdd34f07c88a5c42e80f0ddd85efbc35a
                                                                                                          • Instruction Fuzzy Hash: F4312271B01A11BBEB209A65CC42EAB73EEFF04B50B008129BD19DB291E735CD1087E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • LoadBitmapW.USER32(?,00000001), ref: 00059C39
                                                                                                          • GetLastError.KERNEL32 ref: 00059C45
                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00059C8C
                                                                                                          • GetCursorPos.USER32(?), ref: 00059CAD
                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 00059CBF
                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00059CD5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                                                          • String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
                                                                                                          • API String ID: 2342928100-598475503
                                                                                                          • Opcode ID: ad0c388854ded7de87cd759636888dc0330e2f1fe25c646594d655dd756fd039
                                                                                                          • Instruction ID: 22441fb77fb5bbad79f04c18779da92d42543499912f21277cda06f82058bf88
                                                                                                          • Opcode Fuzzy Hash: ad0c388854ded7de87cd759636888dc0330e2f1fe25c646594d655dd756fd039
                                                                                                          • Instruction Fuzzy Hash: B8311E75A00619AFDB50DFB8DD49A9EBBF4FF08711F148129E904EB245EB74E904CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to append characters., xrefs: 00043C51
                                                                                                          • Failed to allocate buffer for escaped string., xrefs: 00043BDC
                                                                                                          • Failed to append escape sequence., xrefs: 00043C58
                                                                                                          • Failed to format escape sequence., xrefs: 00043C5F
                                                                                                          • Failed to copy string., xrefs: 00043C79
                                                                                                          • []{}, xrefs: 00043BEF
                                                                                                          • [\%c], xrefs: 00043C24
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _wcscspnlstrlen
                                                                                                          • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                          • API String ID: 2089742776-3250950999
                                                                                                          • Opcode ID: 9e2e4846c6a403bafd77916e9dd0822d0f32bae7580a8ab5f574988722b796a2
                                                                                                          • Instruction ID: dc522aa6bed1ee365c6c990a6f19212f565ddfc5148fedc34d0907da2c8d8e93
                                                                                                          • Opcode Fuzzy Hash: 9e2e4846c6a403bafd77916e9dd0822d0f32bae7580a8ab5f574988722b796a2
                                                                                                          • Instruction Fuzzy Hash: 03214BB2D04229BBDB25A690CD86FEE77A8EF00710F114175F905B7041DB75AF009B9A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,?), ref: 00051187
                                                                                                          • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 00051225
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0005123E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Process$CloseCurrentHandle
                                                                                                          • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                                                          • API String ID: 2815245435-1352204306
                                                                                                          • Opcode ID: 1c27d840f2ff149bff36d9d4f26ee3918747f2d636cca86efa3c978b57047f27
                                                                                                          • Instruction ID: 1295f03719bc7e3cc738e59cca28a828fd7ebf2d9195426539e8940261700204
                                                                                                          • Opcode Fuzzy Hash: 1c27d840f2ff149bff36d9d4f26ee3918747f2d636cca86efa3c978b57047f27
                                                                                                          • Instruction Fuzzy Hash: E7216B75D00609FFDF01AF94CC459EEBBB8FF04355B1082AAF918A6241DB359E249B94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 00043268
                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 0004326F
                                                                                                          • GetLastError.KERNEL32 ref: 00043279
                                                                                                          Strings
                                                                                                          • Failed to find DllGetVersion entry point in msi.dll., xrefs: 000432A7
                                                                                                          • DllGetVersion, xrefs: 0004325A
                                                                                                          • Failed to get msi.dll version info., xrefs: 000432C1
                                                                                                          • variable.cpp, xrefs: 0004329D
                                                                                                          • Failed to set variant value., xrefs: 000432E5
                                                                                                          • msi, xrefs: 0004325F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressErrorHandleLastModuleProc
                                                                                                          • String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                                                          • API String ID: 4275029093-842451892
                                                                                                          • Opcode ID: e80db14f80972047413e072b37d209fbb212d42f22fee41b280639f1dd2fb0d5
                                                                                                          • Instruction ID: a03cff811b4c255e31d860f91e8f77b96a028124371d7467a279ba81ee3c4bfd
                                                                                                          • Opcode Fuzzy Hash: e80db14f80972047413e072b37d209fbb212d42f22fee41b280639f1dd2fb0d5
                                                                                                          • Instruction Fuzzy Hash: 56112971A407247BE7106BB8DD02ABF76A8FB08710F104125FE45EB181DA75DD0083E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • LoadLibraryW.KERNEL32(00000000,00000000,?,00041457,?,?,?,?,00000000,?), ref: 00049BAC
                                                                                                          • GetLastError.KERNEL32(?,00041457,?,?,?,?,00000000,?), ref: 00049BB9
                                                                                                          • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 00049BF1
                                                                                                          • GetLastError.KERNEL32(?,00041457,?,?,?,?,00000000,?), ref: 00049BFD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                          • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                          • API String ID: 1866314245-2276003667
                                                                                                          • Opcode ID: 6895cf65d41b788ebd0c6cfd5fbdf76f088a8d4e53ec3d342284012138232081
                                                                                                          • Instruction ID: bcfdc686ecd3ebe8f0cf632cee75e163431d3bb835a8a0852db750f655b8cc30
                                                                                                          • Opcode Fuzzy Hash: 6895cf65d41b788ebd0c6cfd5fbdf76f088a8d4e53ec3d342284012138232081
                                                                                                          • Instruction Fuzzy Hash: E711C672E80B21ABEB257B699D05BAB76D8FF04751B024139FE85E7150EA25DC0087E8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0005AF85
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0005B100
                                                                                                          Strings
                                                                                                          • UX requested unknown container with id: %ls, xrefs: 0005B02A
                                                                                                          • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 0005AFF0
                                                                                                          • Failed to set download password., xrefs: 0005B0AE
                                                                                                          • Failed to set download user., xrefs: 0005B088
                                                                                                          • UX did not provide container or payload id., xrefs: 0005B0EF
                                                                                                          • Engine is active, cannot change engine state., xrefs: 0005AF9F
                                                                                                          • UX requested unknown payload with id: %ls, xrefs: 0005AFDA
                                                                                                          • Failed to set download URL., xrefs: 0005B05F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                          • API String ID: 3168844106-2615595102
                                                                                                          • Opcode ID: 5e0106ddf1a4e9699cfdcc322a4968a39efb8b41936eebf039f5a806d3ff352b
                                                                                                          • Instruction ID: fa6c4ba4c5a220fa029ce8b5e53675e23f657eeb12ae3c622450721595d40b89
                                                                                                          • Opcode Fuzzy Hash: 5e0106ddf1a4e9699cfdcc322a4968a39efb8b41936eebf039f5a806d3ff352b
                                                                                                          • Instruction Fuzzy Hash: A8410871A04612FBCF719B64C846AAFB3A8AF00712F148265FC149B2C1EB75FD54D791
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • Failed to append cache action., xrefs: 0004D06C
                                                                                                          • Failed to append package start action., xrefs: 0004CF8E
                                                                                                          • Failed to append payload cache action., xrefs: 0004D073
                                                                                                          • Failed to create syncpoint event., xrefs: 0004D0C5
                                                                                                          • Failed to append rollback cache action., xrefs: 0004CFBB
                                                                                                          • plan.cpp, xrefs: 0004D0BB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareString
                                                                                                          • String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                                                          • API String ID: 1825529933-2489563283
                                                                                                          • Opcode ID: a20d99385560a7a6c750916e86e9030251c85861ace2785358fd7ae16228a35b
                                                                                                          • Instruction ID: 4ac3371e745cdd458acdd14e0ff9cddc7b9188eebfe90891a4ecec1676af1021
                                                                                                          • Opcode Fuzzy Hash: a20d99385560a7a6c750916e86e9030251c85861ace2785358fd7ae16228a35b
                                                                                                          • Instruction Fuzzy Hash: 5E5120B5500604EFDB15DF64C980EAEBBF9FF84310F21806AE9159B212DB35EE42DB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000000,?,?,000640E2,000000B8,00000001), ref: 00082158
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,000640E2,000000B8,00000001,00000000,000000B8,00000001,000000B8,000002F0), ref: 00082173
                                                                                                          • _qsort_s.LIBCMT ref: 0008226F
                                                                                                            • Part of subcall function 00081D97: _memset.LIBCMT ref: 00082117
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareHeapString$AllocateProcess_memset_qsort_s
                                                                                                          • String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                                                          • API String ID: 1432674729-4206478990
                                                                                                          • Opcode ID: 8eb3bcb9ccc61492105fef5933a487670b735090c1051b90b5d746e9da37e945
                                                                                                          • Instruction ID: bb787338a556e360ec67e60f9d03adde761d18b698f1c25df90ab0d594144476
                                                                                                          • Opcode Fuzzy Hash: 8eb3bcb9ccc61492105fef5933a487670b735090c1051b90b5d746e9da37e945
                                                                                                          • Instruction Fuzzy Hash: C251D031A44601BBDF60AF54CC86F5A77E5BB00720F208614FAA9AF2D2DB75ED40CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000465DF
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00046604
                                                                                                          Strings
                                                                                                          • Failed to set variable., xrefs: 000466E2
                                                                                                          • Failed to get component path: %d, xrefs: 00046668
                                                                                                          • Failed to format component id string., xrefs: 000465EA
                                                                                                          • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 000466F2
                                                                                                          • Failed to format product code string., xrefs: 0004660F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Open@16
                                                                                                          • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                                                                          • API String ID: 3613110473-1671347822
                                                                                                          • Opcode ID: 1a9768ba34182d606aec00987e91443d358add777c484b04da2953575eaf1778
                                                                                                          • Instruction ID: a0a5df0c7c0c8e14d85f684c3d1e96e15bfe70c561a4fbfa4405ab414a33656d
                                                                                                          • Opcode Fuzzy Hash: 1a9768ba34182d606aec00987e91443d358add777c484b04da2953575eaf1778
                                                                                                          • Instruction Fuzzy Hash: 92413AF1900615BACF21AA948C42BAEB6B8AF02310F254636F514E5192FB339D50DB9F
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to read package log., xrefs: 0005775A
                                                                                                          • Failed to find package: %ls, xrefs: 000577D3
                                                                                                          • Failed to read action., xrefs: 00057779
                                                                                                          • Failed to read StopWusaService., xrefs: 000577B4
                                                                                                          • Failed to read rollback., xrefs: 00057798
                                                                                                          • Failed to execute MSU package., xrefs: 00057807
                                                                                                          • Failed to read package id., xrefs: 0005773B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to execute MSU package.$Failed to find package: %ls$Failed to read StopWusaService.$Failed to read action.$Failed to read package id.$Failed to read package log.$Failed to read rollback.
                                                                                                          • API String ID: 2102423945-2413426928
                                                                                                          • Opcode ID: 230dde6874027f5d6c9e1b66929f0af06e8aea70bf3efb522e9fdbbfd7b2bc81
                                                                                                          • Instruction ID: 173f08affa6a2a64514cd7fba7ca3376088432bed552d992591d799660a5fdd8
                                                                                                          • Opcode Fuzzy Hash: 230dde6874027f5d6c9e1b66929f0af06e8aea70bf3efb522e9fdbbfd7b2bc81
                                                                                                          • Instruction Fuzzy Hash: 26419272D4822DBACF22DA90EC45DEF7BBCAB04710F104162FD09B6211DA759A08E7E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • PeekMessageW.USER32(?,00000000,00000400,00000400,00000000), ref: 00041414
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0004141A
                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 000414A8
                                                                                                          Strings
                                                                                                          • Unexpected return value from message pump., xrefs: 000414FE
                                                                                                          • Failed to load UX., xrefs: 0004145D
                                                                                                          • Failed to create engine for UX., xrefs: 00041434
                                                                                                          • engine.cpp, xrefs: 000414F4
                                                                                                          • Failed to start bootstrapper application., xrefs: 00041476
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$CurrentPeekThread
                                                                                                          • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp
                                                                                                          • API String ID: 673430819-3216346975
                                                                                                          • Opcode ID: 0d46fae68975da56fe9c19226e3b0f32362a45bd0432a58168938bdbc0d77ce9
                                                                                                          • Instruction ID: 698f77fba1fc8277ef2e11ef273d809c2326a66d50958292f5c9edc9b4acd4f7
                                                                                                          • Opcode Fuzzy Hash: 0d46fae68975da56fe9c19226e3b0f32362a45bd0432a58168938bdbc0d77ce9
                                                                                                          • Instruction Fuzzy Hash: E341A2B1A00615BBDB109BA4CC85EFEB7ACFF44315F104135F915EB181DB34AD4587A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,74DEDFD0,000000FF,name,000000FF,74DEDFD0,?,74DEDFD0,?,74DEDFD0), ref: 000808D4
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,email,000000FF), ref: 000808F1
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0008092F
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080976
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$CompareFree
                                                                                                          • String ID: email$name$uri
                                                                                                          • API String ID: 3589242889-1168628755
                                                                                                          • Opcode ID: 0b173f38f7f8417d09c0c40861dffb67cc58d36cb6b6729aa0dfef2c2996018b
                                                                                                          • Instruction ID: f712674505e901d8e2d0c3e5515ead0a4367c69bd599f0b7fcd3f830fd45b0cb
                                                                                                          • Opcode Fuzzy Hash: 0b173f38f7f8417d09c0c40861dffb67cc58d36cb6b6729aa0dfef2c2996018b
                                                                                                          • Instruction Fuzzy Hash: A7415035D01219FBDF91EBA4CC44F9EB7B5BF04721F2042A5E9A0AB2A1D7319E44DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,?,00000000,00000000,?,00000000,?,?,00000000), ref: 00051611
                                                                                                          • GetLastError.KERNEL32(?,?,?,000419A3,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 0005161C
                                                                                                          Strings
                                                                                                          • Failed to post terminate message to child process., xrefs: 000515FC
                                                                                                          • Failed to write exit code to message buffer., xrefs: 0005158C
                                                                                                          • Failed to post terminate message to child process cache thread., xrefs: 000515E0
                                                                                                          • Failed to wait for child process exit., xrefs: 0005164A
                                                                                                          • Failed to write restart to message buffer., xrefs: 000515A9
                                                                                                          • pipe.cpp, xrefs: 00051640
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastObjectSingleWait
                                                                                                          • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                          • API String ID: 1211598281-2161881128
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,?,?,00055A50,00000000,?,00000000,?,?), ref: 00054AFC
                                                                                                          • GetLastError.KERNEL32(?,00055A50,00000000,?,00000000,?,?,?,?,00000000,00000000,00000000,00000000,?), ref: 00054B09
                                                                                                          • CloseHandle.KERNEL32(00000000,?,00055A50,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 00054BD0
                                                                                                          Strings
                                                                                                          • cache.cpp, xrefs: 00054B3F
                                                                                                          • Failed to verify signature of payload: %ls, xrefs: 00054B78
                                                                                                          • Failed to verify catalog signature of payload: %ls, xrefs: 00054B97
                                                                                                          • Failed to verify hash of payload: %ls, xrefs: 00054BBB
                                                                                                          • Failed to open payload at path: %ls, xrefs: 00054B4C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                                                          • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                          • API String ID: 2528220319-2757871984
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00046379
                                                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000000B8,00000100,00000000,00000000,?,00046F57,00000100,000000B8,000000B8,?,000000B8), ref: 00046391
                                                                                                          • GetLastError.KERNEL32(?,00046F57,00000100,000000B8,000000B8,?,000000B8,00000100,000000B8,000002C0,00000100), ref: 0004639C
                                                                                                          Strings
                                                                                                          • Failed to set variable., xrefs: 00046421
                                                                                                          • Failed get to file attributes. '%ls', xrefs: 000463DB
                                                                                                          • File search: %ls, did not find path: %ls, xrefs: 000463F0
                                                                                                          • Failed to format variable string., xrefs: 00046384
                                                                                                          • search.cpp, xrefs: 000463CE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                                                          • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                          • API String ID: 1811509786-2053429945
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 000427C2
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseOpen
                                                                                                          • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                          • API String ID: 47109696-3209209246
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0004FC16: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000009,?,?,?,000501A8,00000009,?,00000000,?,?,?,000417CF), ref: 0004FCB2
                                                                                                          • Sleep.KERNEL32(000007D0,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?,00000000,?,?,?,000417CF,?), ref: 0005023D
                                                                                                            • Part of subcall function 0004FCBE: _memset.LIBCMT ref: 0004FCE5
                                                                                                            • Part of subcall function 0004FCBE: GetTempPathW.KERNEL32(00000104,?,?,00000000,0000000D), ref: 0004FD12
                                                                                                            • Part of subcall function 0004FCBE: GetLastError.KERNEL32(?,00000000,0000000D), ref: 0004FD1C
                                                                                                          Strings
                                                                                                          • Failed to copy log extension to extension., xrefs: 0005037F
                                                                                                          • Failed to copy log path to prefix., xrefs: 0005035F
                                                                                                          • Failed to get current directory., xrefs: 00050227
                                                                                                          • Failed to get non-session specific TEMP folder., xrefs: 000502E7
                                                                                                          • log, xrefs: 000501EC
                                                                                                          • Setup, xrefs: 000501F2
                                                                                                          • Failed to open log: %ls, xrefs: 000502B9
                                                                                                          • Failed to copy full log path to prefix., xrefs: 0005039A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseErrorLastPathSleepTemp_memset
                                                                                                          • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$log
                                                                                                          • API String ID: 3892646522-2818506709
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          • WixBundleOriginalSource, xrefs: 00055CE9
                                                                                                          • WixBundleLastUsedSource, xrefs: 00055CCE
                                                                                                          • Failed to get current process directory., xrefs: 00055D44
                                                                                                          • Failed to copy source path., xrefs: 00055E27
                                                                                                          • Failed to combine last source with source., xrefs: 00055D63
                                                                                                          • Failed to get path to current process., xrefs: 00055D28
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Find$CloseFileFirst_memsetlstrlen
                                                                                                          • String ID: Failed to combine last source with source.$Failed to copy source path.$Failed to get current process directory.$Failed to get path to current process.$WixBundleLastUsedSource$WixBundleOriginalSource
                                                                                                          • API String ID: 1284678136-10224182
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,00000001,00000000,?), ref: 000653C0
                                                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 000653CA
                                                                                                          Strings
                                                                                                          • Failed to clear readonly bit on payload destination path: %ls, xrefs: 000653F9
                                                                                                          • :, xrefs: 00065443
                                                                                                          • apply.cpp, xrefs: 000653EE
                                                                                                          • download, xrefs: 0006538A
                                                                                                          • Failed attempt to download URL: '%ls' to: '%ls', xrefs: 000654A7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttributesErrorFileLast
                                                                                                          • String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                                                          • API String ID: 1799206407-1905830404
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,74DEDFD0,000000FF,type,000000FF,?,74DEDFD0,74DEDFD0,74DEDFD0), ref: 00080BA7
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080BF2
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080C6E
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00080CBA
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: String$Free$Compare
                                                                                                          • String ID: type$url
                                                                                                          • API String ID: 1324494773-1247773906
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000000,00000000,?,00020006,00020006,?,?,?), ref: 0004CA08
                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000000,00000000,?,00020006,00020006,?,?,?), ref: 0004CA15
                                                                                                            • Part of subcall function 00078A3F: RegCreateKeyExW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,?,?,0004C951,00000000,00000000,00020006), ref: 00078A64
                                                                                                          Strings
                                                                                                          • %ls.RebootRequired, xrefs: 0004C92B
                                                                                                          • Failed to delete registration key: %ls, xrefs: 0004C9B7
                                                                                                          • Failed to write volatile reboot required registry key., xrefs: 0004C955
                                                                                                          • Failed to open registration key., xrefs: 0004CA48
                                                                                                          • Failed to update resume mode., xrefs: 0004C9ED
                                                                                                          Similarity
                                                                                                          • API ID: Close$Create
                                                                                                          • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
                                                                                                          • API String ID: 359002179-2517785395
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,00000000,00000000,00000100,0000010C,?,00000000,?), ref: 0004BCDF
                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,00000000,00000000,00000100,0000010C,?,00000000,?), ref: 0004BCEC
                                                                                                          Strings
                                                                                                          • %ls.RebootRequired, xrefs: 0004BBD7
                                                                                                          • Failed to open registration key., xrefs: 0004BC4B
                                                                                                          • Failed to format pending restart registry key to read., xrefs: 0004BBEE
                                                                                                          • Failed to read Resume value., xrefs: 0004BC78
                                                                                                          • Resume, xrefs: 0004BC56
                                                                                                          Similarity
                                                                                                          • API ID: Close
                                                                                                          • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                          • API String ID: 3535843008-3890505273
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                                                          • API String ID: 0-660234312
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to copy installed ProductCode., xrefs: 00057DAC
                                                                                                          • Failed to find package: %ls, xrefs: 00057D41
                                                                                                          • Failed to read installed ProductCode from message buffer., xrefs: 00057D6D
                                                                                                          • Failed to read package id from message buffer., xrefs: 00057D1F
                                                                                                          • Failed to read installed version from message buffer., xrefs: 00057D8D
                                                                                                          • Failed to load compatible package., xrefs: 00057DDD
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to copy installed ProductCode.$Failed to find package: %ls$Failed to load compatible package.$Failed to read installed ProductCode from message buffer.$Failed to read installed version from message buffer.$Failed to read package id from message buffer.
                                                                                                          • API String ID: 2102423945-2628348887
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CoCreateInstance.OLE32(00099A94,00000000,00000017,00099AA4,?,?,00000000,00000000,?,?,?,?,?,00068F84,00000000,00000000), ref: 0006898A
                                                                                                          Strings
                                                                                                          • Failed to set BITS job to foreground., xrefs: 00068A03
                                                                                                          • WixBurn, xrefs: 000689AD
                                                                                                          • Failed to set notification flags for BITS job., xrefs: 000689D4
                                                                                                          • Failed to set progress timeout., xrefs: 000689EC
                                                                                                          • Failed to create BITS job., xrefs: 000689BC
                                                                                                          • Failed to create IBackgroundCopyManager., xrefs: 00068996
                                                                                                          Similarity
                                                                                                          • API ID: CreateInstance
                                                                                                          • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                          • API String ID: 542301482-468763447
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 0007FA6B
                                                                                                          • GetLastError.KERNEL32 ref: 0007FA78
                                                                                                          • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 0007FABF
                                                                                                          • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000D3,00000000), ref: 0007FB27
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                          • String ID: %ls.R$dlutil.cpp
                                                                                                          • API String ID: 2136311172-657863730
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0004926B: CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00000000,000000FF,?,00000000,?,?,?,00056DB2,?,?,?,?), ref: 00049296
                                                                                                          • CreateFileW.KERNEL32(EB000856,80000000,00000005,00000000,00000003,08000000,00000000,00041E36,50F0E800,00000000,00041F6E,64680779,00041FEE,00041E2E,00000000,00041EFA), ref: 00048E3E
                                                                                                          • GetLastError.KERNEL32(?,?,?,000535E9,000420DE,00041EEA,00041EEA,00000000,?,00041EFA,5050C033,00041EFA,?,?,00041E2E,?), ref: 00048E83
                                                                                                            • Part of subcall function 0005660C: _memset.LIBCMT ref: 0005665A
                                                                                                            • Part of subcall function 0005660C: WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 00056699
                                                                                                            • Part of subcall function 0005660C: WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,000000FF,00AAC56B,?,00000000,00000000,00000000), ref: 000566B3
                                                                                                          Strings
                                                                                                          • Failed to open catalog in working path: %ls, xrefs: 00048EB4
                                                                                                          • Failed to verify catalog signature: %ls, xrefs: 00048E7C
                                                                                                          • Failed to get catalog local file path, xrefs: 00048EC4
                                                                                                          • Failed to find payload for catalog file., xrefs: 00048ECB
                                                                                                          • catalog.cpp, xrefs: 00048EA7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: TrustVerify$CompareCreateErrorFileLastString_memset
                                                                                                          • String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                          • API String ID: 2918315300-48089280
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,74DF30B0,00000000,?,?,?,?,0006870C,?), ref: 00068418
                                                                                                          • ReleaseMutex.KERNEL32(?,?,?,?,0006870C,?), ref: 0006843B
                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0006847C
                                                                                                          • ReleaseMutex.KERNEL32(?), ref: 00068493
                                                                                                          • SetEvent.KERNEL32(?), ref: 0006849C
                                                                                                          Strings
                                                                                                          • Failed to get message from netfx chainer., xrefs: 000684BD
                                                                                                          • Failed to send files in use message from netfx chainer., xrefs: 000684E2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                          • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                                                          • API String ID: 2608678126-3424578679
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000462A8
                                                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000000B8,00000100,00000000,?,00046F69,00000100,000000B8,000002C0,00000100), ref: 000462BD
                                                                                                          • GetLastError.KERNEL32(?,00046F69,00000100,000000B8,000002C0,00000100), ref: 000462C8
                                                                                                          Strings
                                                                                                          • Failed while searching directory search: %ls, for path: %ls, xrefs: 00046325
                                                                                                          • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 0004633B
                                                                                                          • Failed to set directory search path variable., xrefs: 000462F8
                                                                                                          • Failed to format variable string., xrefs: 000462B3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                                                          • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                          • API String ID: 1811509786-2966038646
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0004645A
                                                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000000B8,00000100,00000000,?,00046F45,00000100,000000B8,000000B8,?,000000B8,00000100), ref: 0004646F
                                                                                                          • GetLastError.KERNEL32(?,00046F45,00000100,000000B8,000000B8,?,000000B8,00000100,000000B8,000002C0,00000100), ref: 0004647A
                                                                                                          Strings
                                                                                                          • Failed while searching file search: %ls, for path: %ls, xrefs: 000464A7
                                                                                                          • Failed to set variable to file search path., xrefs: 000464D1
                                                                                                          • File search: %ls, did not find path: %ls, xrefs: 000464E5
                                                                                                          • Failed to format variable string., xrefs: 00046465
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                                                          • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                          • API String ID: 1811509786-3425311760
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00054089
                                                                                                          • GetTempPathW.KERNEL32(00000104,?,?,00000000,?), ref: 0005409D
                                                                                                          • GetLastError.KERNEL32(?,00000000,?), ref: 000540A7
                                                                                                          Strings
                                                                                                          • cache.cpp, xrefs: 000540CB
                                                                                                          • Failed to get temp path for working folder., xrefs: 000540D5
                                                                                                          • Failed to append bundle id on to temp path for working folder., xrefs: 000540F8
                                                                                                          • %ls%ls\, xrefs: 000540E4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastPathTemp_memset
                                                                                                          • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to get temp path for working folder.$cache.cpp
                                                                                                          • API String ID: 623060366-3390808230
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 0007D335
                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 0007D373
                                                                                                          • GetLastError.KERNEL32(?,?,00000000), ref: 0007D37D
                                                                                                          • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0007D3B0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CloseErrorExecuteHandleLastShell_memset
                                                                                                          • String ID: <$PDu$shelutil.cpp
                                                                                                          • API String ID: 495777052-2418939910
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,000493E0,00000000,?,?,00058D3D,00000000,00000000,?,000581C5,?,00000000,?,?,?,?), ref: 0005891B
                                                                                                          • GetLastError.KERNEL32(?,?,00058D3D,00000000,00000000,?,000581C5,?,00000000,?,?,?,?,00000000), ref: 00058925
                                                                                                          • GetExitCodeThread.KERNEL32(?,00000000,?,?,00058D3D,00000000,00000000,?,000581C5,?,00000000,?,?,?,?,00000000), ref: 00058961
                                                                                                          • GetLastError.KERNEL32(?,?,00058D3D,00000000,00000000,?,000581C5,?,00000000,?,?,?,?,00000000), ref: 0005896B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                          • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                          • API String ID: 3686190907-1954264426
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00000000,?,00052DAC,?,?,00000000,?,?,00000001,00000000), ref: 000529EB
                                                                                                          • GetLastError.KERNEL32(?,00052DAC,?,?,00000000,?,?,00000001,00000000), ref: 000529F5
                                                                                                          • GetExitCodeThread.KERNEL32(?,00000000,?,00052DAC,?,?,00000000,?,?,00000001,00000000), ref: 00052A34
                                                                                                          • GetLastError.KERNEL32(?,00052DAC,?,?,00000000,?,?,00000001,00000000), ref: 00052A3E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                          • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                          • API String ID: 3686190907-2546940223
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0005B125
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0005B232
                                                                                                          Strings
                                                                                                          • UX requested unknown container with id: %ls, xrefs: 0005B1F1
                                                                                                          • Failed to set source path for payload., xrefs: 0005B1C1
                                                                                                          • Engine is active, cannot change engine state., xrefs: 0005B13F
                                                                                                          • UX requested unknown payload with id: %ls, xrefs: 0005B191
                                                                                                          • Failed to set source path for container., xrefs: 0005B217
                                                                                                          • UX denied while trying to set source on embedded payload: %ls, xrefs: 0005B1A7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                          • API String ID: 3168844106-4121889706
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00065DC9
                                                                                                            • Part of subcall function 000784DB: GetModuleFileNameW.KERNEL32(00047A22,?,00000104,?,00000104,?,00000000,?,?,00047A22,?,00000000,?,?,?,?), ref: 000784FC
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,?,00000001,?,00000001,?,?,00000000,?,?,00000000), ref: 00065E5F
                                                                                                            • Part of subcall function 00077CEF: CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,00000000,000000FF,00000000,00000000,00000003,00000000,00000000,00000003,00000000), ref: 00077D33
                                                                                                          Strings
                                                                                                          • Failed to open container: %ls., xrefs: 00065E24
                                                                                                          • Failed to extract payload: %ls from container: %ls, xrefs: 00065EB0
                                                                                                          • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 00065EBC
                                                                                                          • Failed to extract all payloads from container: %ls, xrefs: 00065EDD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CompareString$FileModuleName_memset
                                                                                                          • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                          • API String ID: 3323778125-3891707333
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateDirectoryW.KERNEL32(0004222A,00000000,?,?,?,?,00041F6E,0004230A), ref: 00077E61
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00041F6E,0004230A), ref: 00077E6F
                                                                                                          • GetTempPathW.KERNEL32(00000104,00000000,00000000,00000104,00041E2E,00000000,?,?,?,00049AD1,00000000,.ba%d,000F423F,00041F6E,0004230A,00000000), ref: 00077EA5
                                                                                                          • GetLastError.KERNEL32(?,?,?,00049AD1,00000000,.ba%d,000F423F,00041F6E,0004230A,00000000,00000000,?,?,000535A8,5050C033,00041EFA), ref: 00077EB3
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CreateDirectoryPathTemp
                                                                                                          • String ID: %s%s$pathutil.cpp
                                                                                                          • API String ID: 2804724334-3961969462
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(000A41BC,00000000,0000000D,?,?,00050305,?,?,00000000,?,00000000,00000000,0000000D,?,00000000,Setup), ref: 0007754A
                                                                                                          • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,00000001,?,000A41B4,?,?,00050305,?), ref: 000775EB
                                                                                                          • GetLastError.KERNEL32(?,?,00050305,?,?,00000000,?,00000000,00000000,0000000D,?,00000000,Setup,00000000,log,0000000D), ref: 000775FB
                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,00050305,?,?,00000000,?,00000000,00000000,0000000D,?,00000000), ref: 00077634
                                                                                                            • Part of subcall function 00077F3A: _memset.LIBCMT ref: 00077F89
                                                                                                            • Part of subcall function 00077F3A: GetLocalTime.KERNEL32(?,?,?,?,00000000,?), ref: 00078079
                                                                                                          • LeaveCriticalSection.KERNEL32(000A41BC,00000001,?,000A41B4,?,?,00050305,?,?,00000000,?,00000000,00000000,0000000D,?,00000000), ref: 0007768D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime_memset
                                                                                                          • String ID: logutil.cpp
                                                                                                          • API String ID: 654766419-3545173039
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0005EBB7
                                                                                                          Strings
                                                                                                          • Failed to append property string part., xrefs: 0005EC2B
                                                                                                          • Failed to format property string part., xrefs: 0005EC32
                                                                                                          • %s%="%s", xrefs: 0005EBEA
                                                                                                          • Failed to escape string., xrefs: 0005EC39
                                                                                                          • Failed to format property value., xrefs: 0005EC40
                                                                                                          Similarity
                                                                                                          • API ID: Open@16
                                                                                                          • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
                                                                                                          • API String ID: 3613110473-515423128
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 000785C9: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,0005461C,0000001C,00000000,00000000,00000000,00000000), ref: 000785E9
                                                                                                          • lstrlenA.KERNEL32(?,00000000,?,00000000,?,?,?,0004C820,?,?,0000001C,0004C820,?,00000000,00000000,0004C820), ref: 0004B89D
                                                                                                          Strings
                                                                                                          • per-user, xrefs: 0004B837
                                                                                                          • Failed to find local %hs appdata directory., xrefs: 0004B840
                                                                                                          • Failed to create regid folder: %ls, xrefs: 0004B8DB
                                                                                                          • Failed to allocate regid folder path., xrefs: 0004B8EB
                                                                                                          • per-machine, xrefs: 0004B832, 0004B83F
                                                                                                          • Failed to write tag xml to file: %ls, xrefs: 0004B8D1
                                                                                                          Similarity
                                                                                                          • API ID: FolderPathlstrlen
                                                                                                          • String ID: Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to find local %hs appdata directory.$Failed to write tag xml to file: %ls$per-machine$per-user
                                                                                                          • API String ID: 3664928333-722958590
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000001,?,?,00000001,000000FF,?,?,?,?,00000001,00000000,?,0005339D), ref: 00058EEC
                                                                                                          Strings
                                                                                                          • elevation.cpp, xrefs: 00058E27
                                                                                                          • Failed to connect to elevated child process., xrefs: 00058ED5
                                                                                                          • Failed to create pipe name and client token., xrefs: 00058E5D
                                                                                                          • UX aborted elevation requirement., xrefs: 00058E31
                                                                                                          • Failed to elevate., xrefs: 00058EC2
                                                                                                          • Failed to create pipe and cache pipe., xrefs: 00058E76
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                          • API String ID: 2962429428-3003415917
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,000A3100,84400200,00000000), ref: 0007FD2F
                                                                                                          • GetLastError.KERNEL32 ref: 0007FD3B
                                                                                                          • HttpAddRequestHeadersW.WININET(00000000,?,000000FF,40000000), ref: 0007FD80
                                                                                                          • GetLastError.KERNEL32 ref: 0007FD8A
                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0007FDC6
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHttpLastRequest$CloseHandleHeadersInternetOpen
                                                                                                          • String ID: dlutil.cpp
                                                                                                          • API String ID: 3883690129-2067379296
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000,?,000561E7,?), ref: 0007D8C1
                                                                                                          • GetLastError.KERNEL32(?,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000,?,000561E7,?,00000000,00000001,00000001), ref: 0007D8D0
                                                                                                          • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000001,00000000,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000,?,000561E7), ref: 0007D95F
                                                                                                          • GetLastError.KERNEL32(?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000,?,000561E7,?,00000000), ref: 0007D969
                                                                                                            • Part of subcall function 0007DAF5: _memset.LIBCMT ref: 0007DB20
                                                                                                            • Part of subcall function 0007DAF5: FindFirstFileW.KERNEL32(00000003,?,00000000,00000000,00000000), ref: 0007DB30
                                                                                                            • Part of subcall function 0007DAF5: FindClose.KERNEL32(00000000), ref: 0007DB3C
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: File$ErrorFindLastMove$CloseFirst_memset
                                                                                                          • String ID: \$fileutil.cpp
                                                                                                          • API String ID: 266112880-1689471480
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to read bundle dependency key from message buffer., xrefs: 000578B4
                                                                                                          • Failed to find package: %ls, xrefs: 0005790C
                                                                                                          • Failed to read action., xrefs: 000578D4
                                                                                                          • Failed to execute package dependency action., xrefs: 0005792D
                                                                                                          • Failed to read package id from message buffer., xrefs: 00057891
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to execute package dependency action.$Failed to find package: %ls$Failed to read action.$Failed to read bundle dependency key from message buffer.$Failed to read package id from message buffer.
                                                                                                          • API String ID: 2102423945-4197210911
                                                                                                          • Opcode ID: 832581e213e217a8d9d51252e56f4c583f54f47b6ed2b2dbf956cb226ed25dd4
                                                                                                          • Instruction ID: f4dc0c2ab9943b0289e20e8ea0be3e21f022ac0c59b132ce89926e2f248fb61d
                                                                                                          • Opcode Fuzzy Hash: 832581e213e217a8d9d51252e56f4c583f54f47b6ed2b2dbf956cb226ed25dd4
                                                                                                          • Instruction Fuzzy Hash: 7C316172D4452DBACF12EE90EC41DEF7BB8AB04311F404561FE08F6151EB329E24A7A5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,00042388,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 00043CF3
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,00000000,00000100,00000000,?,?,?,00042388,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 00043DCC
                                                                                                          Strings
                                                                                                          • Failed to get unformatted string, xrefs: 00043D5D
                                                                                                          • Failed to format value '%ls' of variable: %ls, xrefs: 00043D96
                                                                                                          • Failed to get variable: %ls, xrefs: 00043D34
                                                                                                          • Failed to get value as string for variable: %ls, xrefs: 00043DBB
                                                                                                          • *****, xrefs: 00043D88, 00043D95
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                          • API String ID: 3168844106-2193070477
                                                                                                          • Opcode ID: a6eb4bc3bb159fccbafadebcc50fb854e526e3518210f7e707efdf636d5e9698
                                                                                                          • Instruction ID: d9326e9e12ec330f1731c5b662aaad463ba5f5f027b94d78a3306abf09e0ac4a
                                                                                                          • Opcode Fuzzy Hash: a6eb4bc3bb159fccbafadebcc50fb854e526e3518210f7e707efdf636d5e9698
                                                                                                          • Instruction Fuzzy Hash: 7431EEB6D0061AFBDF226F90DC01BAE7B68FF10320F015231F9146A191DB76AB6087C8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • InitializeAcl.ADVAPI32(00000000,00000008,00000002,0000001A,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00054877
                                                                                                          • GetLastError.KERNEL32 ref: 00054881
                                                                                                          • SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000001,20000004,00000000,00000000,00000000,00000000,00000003,000007D0,00000000,00000000,00000000,00000000,00000000), ref: 000548EC
                                                                                                          Strings
                                                                                                          • Failed to initialize ACL., xrefs: 000548AF
                                                                                                          • Failed to allocate administrator SID., xrefs: 00054868
                                                                                                          • cache.cpp, xrefs: 000548A5
                                                                                                          Similarity
                                                                                                          • API ID: AttributesErrorFileInitializeLast
                                                                                                          • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                          • API String ID: 669721577-1117388985
                                                                                                          • Opcode ID: 601897eae1552509c6b21fcec2d2e06ebb968f0e9237faa9dc0c198cdafb63d6
                                                                                                          • Instruction ID: 8dca8df1f6cf074c2f8ee7950c2fd4daca285334ebc2e9f5fb635165fba324cc
                                                                                                          • Opcode Fuzzy Hash: 601897eae1552509c6b21fcec2d2e06ebb968f0e9237faa9dc0c198cdafb63d6
                                                                                                          • Instruction Fuzzy Hash: 9F21EB72E40214BBEB215EA59C45FEFB7A8FB00B51F118126FE08FB181DA749E0497A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0005C38E
                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0005C3A0
                                                                                                          • SetFileTime.KERNEL32(?,?,?,?), ref: 0005C3B3
                                                                                                          • CloseHandle.KERNEL32(?), ref: 0005C3C1
                                                                                                          Strings
                                                                                                          • cabextract.cpp, xrefs: 0005C35D
                                                                                                          • Invalid operation for this state., xrefs: 0005C367
                                                                                                          Similarity
                                                                                                          • API ID: Time$File$CloseDateHandleLocal
                                                                                                          • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                          • API String ID: 609741386-1751360545
                                                                                                          • Opcode ID: b6941fd378a6ddb5543de807e5d42157d262f669d416e6493868fdab46884d2f
                                                                                                          • Instruction ID: be184dc800c49b2f58e36c885f2b56323bc99ec94f86ee59fda8c027a5d3294e
                                                                                                          • Opcode Fuzzy Hash: b6941fd378a6ddb5543de807e5d42157d262f669d416e6493868fdab46884d2f
                                                                                                          • Instruction Fuzzy Hash: D3219F72900229AFDB509F99DC84DAF7BACFF047127508156FD04E6181DB75CE458BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000461EE
                                                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000000B8,00000100,00000000,00000000,?,00046F72,00000100,000000B8,000002C0,00000100), ref: 00046203
                                                                                                          • GetLastError.KERNEL32(?,00046F72,00000100,000000B8,000002C0,00000100), ref: 0004620E
                                                                                                          Strings
                                                                                                          • Failed while searching directory search: %ls, for path: %ls, xrefs: 00046247
                                                                                                          • Failed to set variable., xrefs: 0004626F
                                                                                                          • Failed to format variable string., xrefs: 000461F9
                                                                                                          Similarity
                                                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                                                          • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                          • API String ID: 1811509786-402580132
                                                                                                          • Opcode ID: e35c0483fcc4194f44133f595c4fc4364f84b206956abfeda613a5285dff9389
                                                                                                          • Instruction ID: a0459b6da1c40dac655aa05f6c0ad533785d7adc22c98f8c3859d31af9a85003
                                                                                                          • Opcode Fuzzy Hash: e35c0483fcc4194f44133f595c4fc4364f84b206956abfeda613a5285dff9389
                                                                                                          • Instruction Fuzzy Hash: 86112C72A40924BBDF212A748E05FDF7A69EF42331F114231FD54AA151EB678D1053D9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • cabextract.cpp, xrefs: 0005C2FC
                                                                                                          • Failed to write during cabinet extraction., xrefs: 0005C306
                                                                                                          • Unexpected call to CabWrite()., xrefs: 0005C292
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                          • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                          • API String ID: 1970631241-3111339858
                                                                                                          • Opcode ID: a6d5b5c80ed8946edcd8b14e4c59c83e2632b4c929122dfc21ed41ed81f85047
                                                                                                          • Instruction ID: e43798445960ada9f2f21430d3a60a247ba1f450880539d7db2cc6a191e25e22
                                                                                                          • Opcode Fuzzy Hash: a6d5b5c80ed8946edcd8b14e4c59c83e2632b4c929122dfc21ed41ed81f85047
                                                                                                          • Instruction Fuzzy Hash: F221AE76600204EFEF10DF99DC84EAA77E9FF88351B11419AFE08CB252DA71DA00DB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastPathTemp_memset
                                                                                                          • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 623060366-2915113195
                                                                                                          • Opcode ID: 503283b89ac6ce3ec9675f164186c4cc86cd98e8c84186b264c599403e9b8ecf
                                                                                                          • Instruction ID: da9e0e6f0a91a694aec134f4db7f3e886488abbc92a377033379abd561dcfb9d
                                                                                                          • Opcode Fuzzy Hash: 503283b89ac6ce3ec9675f164186c4cc86cd98e8c84186b264c599403e9b8ecf
                                                                                                          • Instruction Fuzzy Hash: 2701DB72F4172867E710AB649C06FDA73ACAB01710F114165FD14E71C2EE65AE0487E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • __init_pointers.LIBCMT ref: 0006C0A1
                                                                                                            • Part of subcall function 0006C250: EncodePointer.KERNEL32(00000000,?,0006C0A6,00069186,0009FB80,00000014), ref: 0006C253
                                                                                                            • Part of subcall function 0006C250: __initp_misc_winsig.LIBCMT ref: 0006C26E
                                                                                                            • Part of subcall function 0006C250: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0006CED4
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0006CEE8
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0006CEFB
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0006CF0E
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0006CF21
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0006CF34
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 0006CF47
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0006CF5A
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0006CF6D
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0006CF80
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0006CF93
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0006CFA6
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0006CFB9
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0006CFCC
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0006CFDF
                                                                                                            • Part of subcall function 0006C250: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0006CFF2
                                                                                                          • __mtinitlocks.LIBCMT ref: 0006C0A6
                                                                                                          • __mtterm.LIBCMT ref: 0006C0AF
                                                                                                            • Part of subcall function 0006C117: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,0006C0B4,00069186,0009FB80,00000014), ref: 0006EBBD
                                                                                                            • Part of subcall function 0006C117: _free.LIBCMT ref: 0006EBC4
                                                                                                            • Part of subcall function 0006C117: DeleteCriticalSection.KERNEL32(x?,?,?,0006C0B4,00069186,0009FB80,00000014), ref: 0006EBE6
                                                                                                          • __calloc_crt.LIBCMT ref: 0006C0D4
                                                                                                          • __initptd.LIBCMT ref: 0006C0F6
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0006C0FD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                          • String ID:
                                                                                                          • API String ID: 3567560977-0
                                                                                                          • Opcode ID: 949a0bcdc4356d88bd2bed9367444741a2643ba15c035eeab68a596493f219e8
                                                                                                          • Instruction ID: 498e378d63b30343dc4ed51003a00e659628fb2254a0102bcc7ce7de2b901f43
                                                                                                          • Opcode Fuzzy Hash: 949a0bcdc4356d88bd2bed9367444741a2643ba15c035eeab68a596493f219e8
                                                                                                          • Instruction Fuzzy Hash: A0F06D72198B5159F6647778BC03EEA36C79F03770B24062AF9E0CA4D3EF2588425290
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,000428DA,00000000), ref: 00078933
                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 0007893A
                                                                                                          • GetLastError.KERNEL32(?,?,?,000428DA,00000000), ref: 00078951
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressErrorHandleLastModuleProc
                                                                                                          • String ID: IsWow64Process$kernel32$procutil.cpp
                                                                                                          • API String ID: 4275029093-1586155540
                                                                                                          • Opcode ID: f62960e19c80c9b53e92125d105fa5ec1d1f71fe32174365e3c28e6940c6f763
                                                                                                          • Instruction ID: 82ef6ff36a5f97955e5c21746ed2373251889f84947cf11777f6caf8ed0a2382
                                                                                                          • Opcode Fuzzy Hash: f62960e19c80c9b53e92125d105fa5ec1d1f71fe32174365e3c28e6940c6f763
                                                                                                          • Instruction Fuzzy Hash: 29F0C871A50624ABEB20DBA5CC09AAB7BA8FB04B91B008115FE09DB240EE759D00D7E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0005B25A
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 0005B3A4
                                                                                                            • Part of subcall function 0004AD71: _memset.LIBCMT ref: 0004AD97
                                                                                                          Strings
                                                                                                          • Failed to recreate command-line for update bundle., xrefs: 0005B31E
                                                                                                          • Failed to set update bundle., xrefs: 0005B375
                                                                                                          • update\%ls, xrefs: 0005B2B8
                                                                                                          • Failed to default local update source, xrefs: 0005B2CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave_memset
                                                                                                          • String ID: Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
                                                                                                          • API String ID: 3751686142-1266646976
                                                                                                          • Opcode ID: 7e772610296c79f936765a47d17c167bae910388c5adacdb180cdaaeae1829ad
                                                                                                          • Instruction ID: 9202a2eb6bc3c9c4e9ffc7058ef6ad94f4d0bc95ec84df98da6b90b49514ac8f
                                                                                                          • Opcode Fuzzy Hash: 7e772610296c79f936765a47d17c167bae910388c5adacdb180cdaaeae1829ad
                                                                                                          • Instruction Fuzzy Hash: 72417C71A40209EFDF268F94C846FAE77A5EF08312F018265FD08A6161D771AE549B90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • Sleep.KERNEL32(000007D0,?,?), ref: 00054761
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Sleep
                                                                                                          • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                                                                          • API String ID: 3472027048-398165853
                                                                                                          • Opcode ID: 611c764b3ede09892d2cabd7fc05b3b726d3e8288c1b0ee1a4ef3ffda0f78476
                                                                                                          • Instruction ID: 2b54720205bd0299ebebdad439fe98a4fb4bd407bb1f0c1e513c6810ccff0657
                                                                                                          • Opcode Fuzzy Hash: 611c764b3ede09892d2cabd7fc05b3b726d3e8288c1b0ee1a4ef3ffda0f78476
                                                                                                          • Instruction Fuzzy Hash: 6A314872E44229BBEB11A654CC42FFF76ACEF04B15F004079FE08EA142DB788D4492A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,00000002,?,?,00061914,?,00000001,?,?), ref: 00060D6C
                                                                                                          Strings
                                                                                                          • Failed grow array of ordered patches., xrefs: 00060E0C
                                                                                                          • Failed to insert execute action., xrefs: 00060DC8
                                                                                                          • Failed to plan action for target product., xrefs: 00060E2F
                                                                                                          • Failed to copy target product code., xrefs: 00060EA6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareString
                                                                                                          • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.
                                                                                                          • API String ID: 1825529933-3432308488
                                                                                                          • Opcode ID: c9b5398654bf571c4689e72c07bf2dfcc7cae1279cf8dbd2bf09fcecd9a8828c
                                                                                                          • Instruction ID: 4619d669a087ef0693ec7cb3b97fa5608ef15003c2e54e505f371dfefbc2f719
                                                                                                          • Opcode Fuzzy Hash: c9b5398654bf571c4689e72c07bf2dfcc7cae1279cf8dbd2bf09fcecd9a8828c
                                                                                                          • Instruction Fuzzy Hash: 888126B564425A9FCB55CF98C880AAA77E6FF08324B118AAAFC158B352D731EC11CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,00052FD6,000000B8,0000001C,00000100), ref: 00064348
                                                                                                          • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,00000000,000000FF,?,?,?,00052FD6,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 000643E1
                                                                                                          Strings
                                                                                                          • Failed to initialize update bundle., xrefs: 00064484
                                                                                                          • detect.cpp, xrefs: 00064446
                                                                                                          • BA aborted detect forward compatible bundle., xrefs: 00064450
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CompareString
                                                                                                          • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$detect.cpp
                                                                                                          • API String ID: 1825529933-918857910
                                                                                                          • Opcode ID: 3908e8245b47806eacae4a9449a64ca95113b9c413276657f0b68c98cb4a26f1
                                                                                                          • Instruction ID: d5e291a8e006eb6a5aab5be52e41ebc771e32d3ffddff42f16328c2e092f7d98
                                                                                                          • Opcode Fuzzy Hash: 3908e8245b47806eacae4a9449a64ca95113b9c413276657f0b68c98cb4a26f1
                                                                                                          • Instruction Fuzzy Hash: 71516A71A04211EFDB599F64CC81ABAB7AAFF09310B108668F919DA251DB31DD60DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • elevation.cpp, xrefs: 000583AE
                                                                                                          • Failed to save state., xrefs: 00058287
                                                                                                          • Unexpected elevated message sent to child process, msg: %u, xrefs: 000583BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandleMutexRelease
                                                                                                          • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                          • API String ID: 4207627910-1576875097
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,000000B8,00000000,000000B8,00000000,00000000,000000B8,BundleUpgradeCode,000002F0,000000B8,00000000,00000000,00052FA9,00000100,000000B0,00000088), ref: 00079052
                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,?), ref: 0007908B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                          • API String ID: 3660427363-1648651458
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00082853
                                                                                                          • InternetCrackUrlW.WININET(?,00000000,90000000,0000003C), ref: 00082900
                                                                                                          • GetLastError.KERNEL32 ref: 0008290A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CrackErrorInternetLast_memset
                                                                                                          • String ID: <$uriutil.cpp
                                                                                                          • API String ID: 2372571340-4267795606
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WideCharToMultiByte.KERNEL32(00077011,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00077011,?,00000000,00000000), ref: 0007AD69
                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00077011,?,00000000,00000000,0000FDE9), ref: 0007AD75
                                                                                                            • Part of subcall function 00077AFF: GetProcessHeap.KERNEL32(00000000,?,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B07
                                                                                                            • Part of subcall function 00077AFF: HeapSize.KERNEL32(00000000,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B0E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                          • String ID: strutil.cpp
                                                                                                          • API String ID: 3662877508-3612885251
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • lstrlenW.KERNEL32(00000000,00000002,?,00000000,00000000), ref: 000793D3
                                                                                                          • lstrlenW.KERNEL32(00000000,?,00000001,00000000,?,00000001,?,00000000,00000000), ref: 00079435
                                                                                                          • lstrlenW.KERNEL32(?), ref: 00079441
                                                                                                          • RegSetValueExW.ADVAPI32(00000002,?,00000000,00000007,00000000,?,00000001,00000000,?,?,00000001,?,00000000,00000000), ref: 00079485
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: lstrlen$Value
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 198323757-955085611
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 000785C9: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,0005461C,0000001C,00000000,00000000,00000000,00000000), ref: 000785E9
                                                                                                          • RemoveDirectoryW.KERNEL32(00000002,00000001,00000002,?,00000001,?,?,00000002,0000001C,?,00020006,?,00000000,?), ref: 0004B3EF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: DirectoryFolderPathRemove
                                                                                                          • String ID: Failed to allocate regid folder path.$Failed to find local %hs appdata directory.$per-machine$per-user
                                                                                                          • API String ID: 293476170-2037127396
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000002,PackageVersion,00000001,?,?,00000001,00000002,00000001,?,00020006), ref: 0004B4BF
                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000002,PackageVersion,00000001,?,?,00000001,00000002,00000001,?,00020006,?,00000000,?), ref: 0004B4D6
                                                                                                          Strings
                                                                                                          • PackageVersion, xrefs: 0004B4A0
                                                                                                          • Failed to format key for update registration., xrefs: 0004B475
                                                                                                          • Failed to remove update registration key: %ls, xrefs: 0004B503
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CloseCompareString
                                                                                                          • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                                                          • API String ID: 446873843-3222553582
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000001,00000100,000000B5), ref: 00063EC0
                                                                                                          • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000001,00000100,000000B5,?,?,?,0004BB88,00000001,00000001,000000B5,00000000), ref: 00063F0E
                                                                                                          Strings
                                                                                                          • Failed to enumerate uninstall key for related bundles., xrefs: 00063F1F
                                                                                                          • Failed to open uninstall registry key., xrefs: 00063E88
                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00063E62
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CloseCompareOpenString
                                                                                                          • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                          • API String ID: 2817536665-2531018330
                                                                                                          • Opcode ID: 926baef583d2ba7efc81857691c41a52a2cc525f1d19d74459f662194890e039
                                                                                                          • Instruction ID: 0c9e065ebc2a35e6e55b6c0b6591562f6266c2a6239ad0fbe8784a30f68c56e5
                                                                                                          • Opcode Fuzzy Hash: 926baef583d2ba7efc81857691c41a52a2cc525f1d19d74459f662194890e039
                                                                                                          • Instruction Fuzzy Hash: B7218632D54118FBDF219B94CC4ABEEBABAEF04320F248165F914660D1D7764F50A7E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to add "%ls" to the string dictionary., xrefs: 00062B8D
                                                                                                          • Failed to add "%ls" to the list of dependencies to ignore., xrefs: 00062B94
                                                                                                          • Failed to create the string dictionary., xrefs: 00062B09
                                                                                                          • Failed to check the dictionary of unique dependencies., xrefs: 00062B41
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _wcstok_s
                                                                                                          • String ID: Failed to add "%ls" to the list of dependencies to ignore.$Failed to add "%ls" to the string dictionary.$Failed to check the dictionary of unique dependencies.$Failed to create the string dictionary.
                                                                                                          • API String ID: 86363921-3348696663
                                                                                                          • Opcode ID: d97739bce273c68b6b5e2dd74c97d10d4f8b8a2ada32f4797bedfc5da6965099
                                                                                                          • Instruction ID: 5b8f9ac413e83454136e0480f0599b6fac887e384a1b76016f8755717676b460
                                                                                                          • Opcode Fuzzy Hash: d97739bce273c68b6b5e2dd74c97d10d4f8b8a2ada32f4797bedfc5da6965099
                                                                                                          • Instruction Fuzzy Hash: F6215B72D41A58BEDB21AE509C02DFF7B6DDF407A0F104175FE087A142EB755E1092A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,0007D7EA,00000000,00000000,00000000,00000000,?,00054AC1,00000000,00000000), ref: 0007D6F9
                                                                                                          • GetLastError.KERNEL32(?,0007D7EA,00000000,00000000,00000000,00000000,?,00054AC1,00000000,00000000,00000001,00000003,000007D0,00000000,?,00055AE8), ref: 0007D707
                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0007D7EA,00000000,00000000,00000000,00000000,?,00054AC1,00000000,00000000,00000001), ref: 0007D76D
                                                                                                          • GetLastError.KERNEL32(?,0007D7EA,00000000,00000000,00000000,00000000,?,00054AC1,00000000,00000000,00000001,00000003,000007D0,00000000,?,00055AE8), ref: 0007D777
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyErrorFileLast
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 374144340-2967768451
                                                                                                          • Opcode ID: 4af319ab3087f4b2769f689bfcdab6ab5648d25839be6cee6f43542f857d05ca
                                                                                                          • Instruction ID: b5b2de095b326db67c6823f88b201265c06f06f87890dd040127fffcfbc30a12
                                                                                                          • Opcode Fuzzy Hash: 4af319ab3087f4b2769f689bfcdab6ab5648d25839be6cee6f43542f857d05ca
                                                                                                          • Instruction Fuzzy Hash: 9E21C97AD446319BEB245A658C4077FB6F8FF457A1B51C127FE48DB150FA298C00C2E8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 0007C9B8
                                                                                                          • SysAllocString.OLEAUT32(?), ref: 0007C9D4
                                                                                                          • VariantClear.OLEAUT32(?), ref: 0007CA5B
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0007CA66
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: StringVariant$AllocClearFreeInit
                                                                                                          • String ID: xmlutil.cpp
                                                                                                          • API String ID: 760788290-1270936966
                                                                                                          • Opcode ID: fd416ba7d918075b822bf4e710199993bd383b0d77e77c0089b3b8016c64f9fd
                                                                                                          • Instruction ID: ef22ac3a90c05c8eaf90b145f6fef91a19b39518f19e1c3fcc6d183c35ec3046
                                                                                                          • Opcode Fuzzy Hash: fd416ba7d918075b822bf4e710199993bd383b0d77e77c0089b3b8016c64f9fd
                                                                                                          • Instruction Fuzzy Hash: 03218031D10219FFDB11DBA4C858EAEBBB8AF4471AF15815CF909AB220C7399E01CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • Failed to find package: %ls, xrefs: 000579F0
                                                                                                          • Failed to read action., xrefs: 000579B8
                                                                                                          • Failed to execute package provider action., xrefs: 00057A0F
                                                                                                          • Failed to read package id from message buffer., xrefs: 00057998
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: Failed to execute package provider action.$Failed to find package: %ls$Failed to read action.$Failed to read package id from message buffer.
                                                                                                          • API String ID: 2102423945-384206569
                                                                                                          • Opcode ID: 4962d3c747e278253c03ca55973ab390a977eda003a0e58678bcf651924de887
                                                                                                          • Instruction ID: 7b75a9d6249b82a0ea698715e4ab2a61af6d70c98ed4a9c22212cc547f404fa8
                                                                                                          • Opcode Fuzzy Hash: 4962d3c747e278253c03ca55973ab390a977eda003a0e58678bcf651924de887
                                                                                                          • Instruction Fuzzy Hash: 3E217F72D44229BADF12EEA4EC01DDE7BBCAB04310F504162FE08B6152E7319A18A796
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 000683AF
                                                                                                          • ReleaseMutex.KERNEL32(?), ref: 000683DD
                                                                                                          • SetEvent.KERNEL32(?), ref: 000683E6
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                          • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                          • API String ID: 944053411-3611226795
                                                                                                          • Opcode ID: ca331b97e388ab56fb0583d5195cfaa0f3ef06578c95e22e97458e0d1c3f2d51
                                                                                                          • Instruction ID: ad9014594e3712e5a5d35ce241a3380c58ce8c7b3e02d1f859c33422e3cea11d
                                                                                                          • Opcode Fuzzy Hash: ca331b97e388ab56fb0583d5195cfaa0f3ef06578c95e22e97458e0d1c3f2d51
                                                                                                          • Instruction Fuzzy Hash: A721D3B0A0071ABFDB109F68CC44A99B7F5FF48310F10C628F96897352CB75A950CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateDirectoryW.KERNEL32(00000003,00000001,00000000,00000000,?,0007D94C,00000001,00000000,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000), ref: 0007EA86
                                                                                                          • GetLastError.KERNEL32(?,0007D94C,00000001,00000000,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000,?,000561E7,?), ref: 0007EA94
                                                                                                          • CreateDirectoryW.KERNEL32(00000003,00000001,00000000,?,0007D94C,00000001,00000000,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000), ref: 0007EAFB
                                                                                                          • GetLastError.KERNEL32(?,0007D94C,00000001,00000000,?,?,0007D9E3,00000003,00000001,00000001,00000000,00000000,00000000,?,000561E7,?), ref: 0007EB05
                                                                                                            • Part of subcall function 0007EB46: GetFileAttributesW.KERNEL32(00000003,00000000,?,0007EAAD,00000003,00000000,?,0007D94C,00000001,00000000,?,?,0007D9E3,00000003,00000001,00000001), ref: 0007EB4F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDirectoryErrorLast$AttributesFile
                                                                                                          • String ID: dirutil.cpp
                                                                                                          • API String ID: 925696554-2193988115
                                                                                                          • Opcode ID: 5a45e54d0851faaba110b99a56736058495b638ba7a4255ab641f4cd3d88b4a3
                                                                                                          • Instruction ID: ac3cae5b2f58aeaaba4473ed0c5fcca4d99e8f262f1d76911eef8eb5fec8152c
                                                                                                          • Opcode Fuzzy Hash: 5a45e54d0851faaba110b99a56736058495b638ba7a4255ab641f4cd3d88b4a3
                                                                                                          • Instruction Fuzzy Hash: B3113D35D422B0A7EB311AA5CC45A7BBA98FF4D761B50C065FD4EDA090D72C9C0193E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 0007F387
                                                                                                          • GetLastError.KERNEL32(?,?,00054D20,?,00000003,00000000,00000000), ref: 0007F391
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CertCertificateContextErrorLastProperty
                                                                                                          • String ID: certutil.cpp
                                                                                                          • API String ID: 980632616-2692845373
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,00061BFC,00000000,?), ref: 0007F5C0
                                                                                                          • GetLastError.KERNEL32(?,?,00061BFC,00000000,?,?,?,?,?,?,?,?,?,0006200E,?,?), ref: 0007F5CE
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,00061BFC,00000000,?), ref: 0007F608
                                                                                                          • GetLastError.KERNEL32(?,?,00061BFC,00000000,?,?,?,?,?,?,?,?,?,0006200E,?,?), ref: 0007F612
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                          • String ID: svcutil.cpp
                                                                                                          • API String ID: 355237494-1746323212
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HttpQueryInfoW.WININET(?,?,?,00000000,?), ref: 00082777
                                                                                                          • GetLastError.KERNEL32(?,0007FE9E,?,00000033,?,?,00000013,00000000), ref: 00082781
                                                                                                          • HttpQueryInfoW.WININET(?,?,?,00000000,?), ref: 000827B4
                                                                                                          • GetLastError.KERNEL32(?,0007FE9E,?,00000033,?,?,00000013,00000000), ref: 000827BE
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHttpInfoLastQuery
                                                                                                          • String ID: inetutil.cpp
                                                                                                          • API String ID: 4218848986-2900720265
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000001,00000000,0000000D,?,?,00050221,?,00000000,Setup,00000000,log,0000000D,00000000,00000009), ref: 0007EBAC
                                                                                                          • GetLastError.KERNEL32(?,?,00050221,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?,00000000,?), ref: 0007EBB8
                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000001,00000001,00000000,?,?,00050221,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?), ref: 0007EBF3
                                                                                                          • GetLastError.KERNEL32(?,?,00050221,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?,00000000,?), ref: 0007EBFD
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CurrentDirectoryErrorLast
                                                                                                          • String ID: dirutil.cpp
                                                                                                          • API String ID: 152501406-2193988115
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                                                          • API String ID: 2001391462-1605196437
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HttpQueryInfoW.WININET(00000000,4000000B,?,00000010,00000000), ref: 000825DE
                                                                                                          • GetLastError.KERNEL32 ref: 000825E8
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00082610
                                                                                                          • GetLastError.KERNEL32 ref: 0008261A
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastTime$FileHttpInfoQuerySystem
                                                                                                          • String ID: inetutil.cpp
                                                                                                          • API String ID: 3487154604-2900720265
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0004652A
                                                                                                          Strings
                                                                                                          • Failed to format path string., xrefs: 00046535
                                                                                                          • Failed to set variable., xrefs: 00046581
                                                                                                          • Failed get file version., xrefs: 00046562
                                                                                                          • File search: %ls, did not find path: %ls, xrefs: 00046595
                                                                                                          Similarity
                                                                                                          • API ID: Open@16
                                                                                                          • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                                                          • API String ID: 3613110473-2458530209
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,00000000,?,80070057,00000000,?,?,?,000513FA), ref: 00050B83
                                                                                                          Strings
                                                                                                          • Failed to write message type to pipe., xrefs: 00050BC5
                                                                                                          • Failed to allocate message to write., xrefs: 00050B62
                                                                                                          • pipe.cpp, xrefs: 00050BBB
                                                                                                          Similarity
                                                                                                          • API ID: FileWrite
                                                                                                          • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
                                                                                                          • API String ID: 3934441357-1996674626
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,00054862,0000001A,00000000,00000000,00000000,00000000), ref: 00053FFE
                                                                                                          • GetLastError.KERNEL32(?,?,00054862,0000001A,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00054008
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                                                          • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                                                          • API String ID: 2186923214-2110050797
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000003E8,000004FF), ref: 00068E6D
                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00068E95
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00069065,00000000,?,?,?,00000001,00000000), ref: 00068E9D
                                                                                                          Strings
                                                                                                          • Failed while waiting for download., xrefs: 00068ECB
                                                                                                          • bitsengine.cpp, xrefs: 00068EC1
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                                                          • String ID: Failed while waiting for download.$bitsengine.cpp
                                                                                                          • API String ID: 435350009-228655868
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • _memcpy_s.LIBCMT ref: 00050755
                                                                                                          • _memcpy_s.LIBCMT ref: 00050768
                                                                                                          • _memcpy_s.LIBCMT ref: 00050783
                                                                                                          Strings
                                                                                                          • Failed to allocate memory for message., xrefs: 0005073E
                                                                                                          • pipe.cpp, xrefs: 00050734
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s$Heap$AllocateProcess
                                                                                                          • String ID: Failed to allocate memory for message.$pipe.cpp
                                                                                                          • API String ID: 886498622-1914209504
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetComputerNameW.KERNEL32(?,00000010), ref: 00042984
                                                                                                          • GetLastError.KERNEL32 ref: 0004298E
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ComputerErrorLastName
                                                                                                          • String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 3560734967-484636765
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,000684B4,00000000,00000000,00000000,?), ref: 00068239
                                                                                                          • ReleaseMutex.KERNEL32(?,?,000684B4,00000000,00000000,00000000,?), ref: 000682C0
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • _memmove.LIBCMT ref: 000682A7
                                                                                                          Strings
                                                                                                          • NetFxChainer.cpp, xrefs: 0006827E
                                                                                                          • Failed to allocate memory for message data, xrefs: 00068288
                                                                                                          Similarity
                                                                                                          • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait_memmove
                                                                                                          • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                          • API String ID: 2689949979-1624333943
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000461B7
                                                                                                          Strings
                                                                                                          • Condition, xrefs: 00046152
                                                                                                          • Failed to select condition node., xrefs: 0004616E
                                                                                                          • Failed to get Condition inner text., xrefs: 00046187
                                                                                                          • Failed to copy condition string from BSTR, xrefs: 000461A1
                                                                                                          Similarity
                                                                                                          • API ID: FreeString
                                                                                                          • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                                                                          • API String ID: 3341692771-3600577998
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 000428CE
                                                                                                            • Part of subcall function 0007891F: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,000428DA,00000000), ref: 00078933
                                                                                                            • Part of subcall function 0007891F: GetProcAddress.KERNEL32(00000000), ref: 0007893A
                                                                                                            • Part of subcall function 0007891F: GetLastError.KERNEL32(?,?,?,000428DA,00000000), ref: 00078951
                                                                                                            • Part of subcall function 0007D3D2: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0007D3FF
                                                                                                          Strings
                                                                                                          • variable.cpp, xrefs: 000428F8
                                                                                                          • Failed to set variant value., xrefs: 00042932
                                                                                                          • Failed to get shell folder., xrefs: 00042902
                                                                                                          • Failed to get 64-bit folder., xrefs: 00042918
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                          • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                          • API String ID: 2084161155-3906113122
                                                                                                          • Opcode ID: 08f35039e4ca361aa85590c722200e1fdedb6a025634a50ca32081e0ac4a89d4
                                                                                                          • Instruction ID: d802a328c2cbae8f0e03953f77b58e3ceacc34ea5cd55f721dbe0ad8fee056a2
                                                                                                          • Opcode Fuzzy Hash: 08f35039e4ca361aa85590c722200e1fdedb6a025634a50ca32081e0ac4a89d4
                                                                                                          • Instruction Fuzzy Hash: 2D01C871E4461CB7DF12BB90CC06FEE7A68AF00761F508161F904B6152EB759E1097E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(000001F4,?,00000001,?,?,0005D62F,?,000001F4,?,?,?,?,?,?,?,?), ref: 0007888B
                                                                                                          • GetLastError.KERNEL32(?,?,0005D62F,?,000001F4,?,?,?,?,?,?,?,?), ref: 00078899
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastObjectSingleWait
                                                                                                          • String ID: procutil.cpp
                                                                                                          • API String ID: 1211598281-1178289305
                                                                                                          • Opcode ID: f13c1dc179e6172bebc52a4225147259b0408fcfa0b316fccfba344bf7d429d4
                                                                                                          • Instruction ID: 9411a2b8a97e2b4bd1c719cb745e6a7a22c13a1008890abf87562d100e823b7b
                                                                                                          • Opcode Fuzzy Hash: f13c1dc179e6172bebc52a4225147259b0408fcfa0b316fccfba344bf7d429d4
                                                                                                          • Instruction Fuzzy Hash: CF11E931D40625ABEB219F658C0C7AA7AD5FB04760F118215FD09E7250DA388D0097E9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007DAF5: _memset.LIBCMT ref: 0007DB20
                                                                                                            • Part of subcall function 0007DAF5: FindFirstFileW.KERNEL32(00000003,?,00000000,00000000,00000000), ref: 0007DB30
                                                                                                            • Part of subcall function 0007DAF5: FindClose.KERNEL32(00000000), ref: 0007DB3C
                                                                                                          • SetFileAttributesW.KERNEL32(00000000,00000080,?,00000000,000000FF,00000000,?,?,00055B6F,?,00000000,E0000136,00000000,00000000,?,00000000), ref: 0007D83F
                                                                                                          • GetLastError.KERNEL32(?,?,00055B6F,?,00000000,E0000136,00000000,00000000,?,00000000,00000000,?,?,?,?,00000000), ref: 0007D849
                                                                                                          • DeleteFileW.KERNEL32(00000000,?,00000000,000000FF,00000000,?,?,00055B6F,?,00000000,E0000136,00000000,00000000,?,00000000,00000000), ref: 0007D868
                                                                                                          • GetLastError.KERNEL32(?,?,00055B6F,?,00000000,E0000136,00000000,00000000,?,00000000,00000000,?,?,?,?,00000000), ref: 0007D872
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst_memset
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 1255660700-2967768451
                                                                                                          • Opcode ID: 2039febe3402c2c59a776d3caaaa2909118b1f132aee7575c0d7ada6585e84cd
                                                                                                          • Instruction ID: 07d343d6090cbfc6404ee2c4229d2a9654824ac4667c250f3bb5da3270e6c182
                                                                                                          • Opcode Fuzzy Hash: 2039febe3402c2c59a776d3caaaa2909118b1f132aee7575c0d7ada6585e84cd
                                                                                                          • Instruction Fuzzy Hash: D801F931E41B25A7D7615B65CC08B5B7DE8FF04761F008222FC48E6090DF19DD0096E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00068ABC
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00068B01
                                                                                                          • SetEvent.KERNEL32(?,?,?,?), ref: 00068B15
                                                                                                          Strings
                                                                                                          • Failed to get state during job modification., xrefs: 00068AD5
                                                                                                          • Failure while sending progress during BITS job modification., xrefs: 00068AF0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterEventLeave
                                                                                                          • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                                                          • API String ID: 3094578987-1258544340
                                                                                                          • Opcode ID: af2411021ab6c9cf96af9ba4e8348d4ad445267b7ebdb606b75adfb241c9b16f
                                                                                                          • Instruction ID: 91b3285942855133cc423520c39f0bcbd56b9fdeeafeea6a9f752926b3ec7d0f
                                                                                                          • Opcode Fuzzy Hash: af2411021ab6c9cf96af9ba4e8348d4ad445267b7ebdb606b75adfb241c9b16f
                                                                                                          • Instruction Fuzzy Hash: 2901F572A01629BFDB12DB95D848E9EBBACFF04321B00824AF904D7601DF75A904CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,00068E8B), ref: 00068D31
                                                                                                          • LeaveCriticalSection.KERNEL32(00000008,?,00068E8B), ref: 00068D76
                                                                                                          • SetEvent.KERNEL32(?,?,00068E8B), ref: 00068D8A
                                                                                                          Strings
                                                                                                          • Failure while sending progress., xrefs: 00068D65
                                                                                                          • Failed to get BITS job state., xrefs: 00068D4A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterEventLeave
                                                                                                          • String ID: Failed to get BITS job state.$Failure while sending progress.
                                                                                                          • API String ID: 3094578987-2876445054
                                                                                                          • Opcode ID: d0e87ddebaddbe8558ccb3695392da4a7a4fa39e1e61a92f8176bb1ab04c748f
                                                                                                          • Instruction ID: 8a265119967a8ebf19f8d456040fdeede56e7c5fc37e3969ca978906d3b955b2
                                                                                                          • Opcode Fuzzy Hash: d0e87ddebaddbe8558ccb3695392da4a7a4fa39e1e61a92f8176bb1ab04c748f
                                                                                                          • Instruction Fuzzy Hash: 6E01F572A01A29FFCB12CB55D849A9EB7ACFF14321B004256F50997250DF74AD04C7E4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,00068FEF,?,?,?,?,?,00000001,00000000,?), ref: 000688A4
                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00068FEF,?,?,?,?,?,00000001,00000000,?), ref: 000688AF
                                                                                                          • GetLastError.KERNEL32(?,00068FEF,?,?,?,?,?,00000001,00000000,?), ref: 000688BC
                                                                                                          Strings
                                                                                                          • bitsengine.cpp, xrefs: 000688E0
                                                                                                          • Failed to create BITS job complete event., xrefs: 000688EA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                                                          • String ID: Failed to create BITS job complete event.$bitsengine.cpp
                                                                                                          • API String ID: 3069647169-3441864216
                                                                                                          • Opcode ID: 2dc71d51182305506c05a3cb6d884541e5d7289eec2c468367e33213b3179bd3
                                                                                                          • Instruction ID: 8974c5e48367d52329bd97694cff5ed3af167ab68fa45df4e4b7b82ce1f3689e
                                                                                                          • Opcode Fuzzy Hash: 2dc71d51182305506c05a3cb6d884541e5d7289eec2c468367e33213b3179bd3
                                                                                                          • Instruction Fuzzy Hash: E6017176641B26BFD7109F6ADC04A86BBD8FF49761B014216F948D7640EB749810CBE8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00052EFF,000000B8,00000000), ref: 000499B6
                                                                                                          • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 000499C5
                                                                                                          • LeaveCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00052EFF,000000B8,00000000), ref: 000499DA
                                                                                                          Strings
                                                                                                          • Engine active cannot be changed because it was already in that state., xrefs: 000499FD
                                                                                                          • userexperience.cpp, xrefs: 000499F3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                                                          • String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
                                                                                                          • API String ID: 3376869089-1544469594
                                                                                                          • Opcode ID: 50d4b0392958db01cc616fb76f01afbe1bcf67fc3c125eb5bd4b322e4c21704a
                                                                                                          • Instruction ID: d20069a420fa9b5ebbeb9db44ad7243aefda8948966edb4c1ff8f3c20a615dd7
                                                                                                          • Opcode Fuzzy Hash: 50d4b0392958db01cc616fb76f01afbe1bcf67fc3c125eb5bd4b322e4c21704a
                                                                                                          • Instruction Fuzzy Hash: C4F0AF767006096F9720AEAAEC89DA773ECFB91761304403EF686C7241EA74EC0487A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000000,?,?,00000000,00000001,?,00020019,?,00000000,00000000,00020019,?,?), ref: 0008321F
                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,00000000,00000001,?,00020019), ref: 0008325A
                                                                                                          • RegCloseKey.ADVAPI32(?,?,00020019,00000000,00000000,00000000,00000000), ref: 00083276
                                                                                                          • RegCloseKey.ADVAPI32(?,?,00020019,00000000,00000000,00000000,00000000), ref: 00083283
                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,00020019,00000000,00000000,00000000,00000000), ref: 00083290
                                                                                                            • Part of subcall function 00078AB3: RegCloseKey.ADVAPI32(00000000), ref: 00078C05
                                                                                                            • Part of subcall function 00078E00: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0008320C,?), ref: 00078E18
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Close$InfoOpenQuery
                                                                                                          • String ID:
                                                                                                          • API String ID: 796878624-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,000452E7,00045E28,?,00045E28,?,?,00045E28,?,?), ref: 00045150
                                                                                                          • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,000452E7,00045E28,?,00045E28,?,?,00045E28,?,?), ref: 00045158
                                                                                                          • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,000452E7,00045E28,?,00045E28,?), ref: 000451A7
                                                                                                          • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,000452E7,00045E28,?,00045E28,?), ref: 00045205
                                                                                                          • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,000452E7,00045E28,?,00045E28,?), ref: 00045232
                                                                                                          Similarity
                                                                                                          • API ID: CompareString$lstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1657112622-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007AAF2
                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007AAFE
                                                                                                            • Part of subcall function 00077AFF: GetProcessHeap.KERNEL32(00000000,?,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B07
                                                                                                            • Part of subcall function 00077AFF: HeapSize.KERNEL32(00000000,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B0E
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                          • String ID: strutil.cpp
                                                                                                          • API String ID: 3662877508-3612885251
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,?,?), ref: 00041AD6
                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,?), ref: 00041AEA
                                                                                                          • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00041BD9
                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00041BE0
                                                                                                          • _memset.LIBCMT ref: 00041BEE
                                                                                                          Similarity
                                                                                                          • API ID: CriticalDeleteSection$CloseFreeHandle_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 3611737199-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 00071249
                                                                                                            • Part of subcall function 0006E7C0: __FF_MSGBANNER.LIBCMT ref: 0006E7D7
                                                                                                            • Part of subcall function 0006E7C0: __NMSG_WRITE.LIBCMT ref: 0006E7DE
                                                                                                            • Part of subcall function 0006E7C0: HeapAlloc.KERNEL32(00E10000,00000000,00000001,00000000,00000000,00000000,?,0006ED4F,?,?,?,00000000,?,0006EC3C,00000018,0009FCC0), ref: 0006E803
                                                                                                          • _free.LIBCMT ref: 0007125C
                                                                                                          Similarity
                                                                                                          • API ID: AllocHeap_free_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 2734353464-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,00000000,?,00000000,?,000681BE,00000000), ref: 000681E3
                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,000681BE,00000000), ref: 000681EF
                                                                                                          • CloseHandle.KERNEL32(?,00000000,?,00000000,?,000681BE,00000000), ref: 000681FC
                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,000681BE,00000000), ref: 00068209
                                                                                                          • UnmapViewOfFile.KERNEL32(?,00000000,?,000681BE,00000000), ref: 00068218
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$FileUnmapView
                                                                                                          • String ID:
                                                                                                          • API String ID: 260491571-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: #115#116
                                                                                                          • String ID: $wiutil.cpp
                                                                                                          • API String ID: 618785432-1260143216
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000818D7
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000818E2
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000818ED
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeString$Heap$AllocateProcess
                                                                                                          • String ID: atomutil.cpp
                                                                                                          • API String ID: 2724874077-4059165915
                                                                                                          • Opcode ID: 5fa336c71008675c5afde6de989e52ebb377efa96f2d6c482bdc884088e505b4
                                                                                                          • Instruction ID: e506853ab7d4a6083d4fb4daf64c698c99c12b5c44d1e3ed0afaf9b54276e036
                                                                                                          • Opcode Fuzzy Hash: 5fa336c71008675c5afde6de989e52ebb377efa96f2d6c482bdc884088e505b4
                                                                                                          • Instruction Fuzzy Hash: 63518E71D0162AEFCB61EBA4C885AEEB7F8BF44710F1145A4E945AB211DB31ED018BE0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HttpSendRequestW.WININET(?,00000000,00000000,00000000,00000000), ref: 0007FE02
                                                                                                          • GetLastError.KERNEL32 ref: 0007FE0C
                                                                                                            • Part of subcall function 000826C0: HttpQueryInfoW.WININET(00000004,?,?,00000004,00000000), ref: 000826E9
                                                                                                            • Part of subcall function 000826C0: GetLastError.KERNEL32(?,?,?,0007FE4F,?,00000013,00000000), ref: 000826F3
                                                                                                          Strings
                                                                                                          • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 0007FF72
                                                                                                          • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 0007FE25
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHttpLast$InfoQueryRequestSend
                                                                                                          • String ID: Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls
                                                                                                          • API String ID: 3042603112-4203213909
                                                                                                          • Opcode ID: fc3b7f0459becaa1f29009fedbf0155a311b7626a5798d63b79af9166ac06d25
                                                                                                          • Instruction ID: 3eb8f411ea03faa1dfce1a87de5bb3729339da7fa6b94d26aeb0dc44315b7676
                                                                                                          • Opcode Fuzzy Hash: fc3b7f0459becaa1f29009fedbf0155a311b7626a5798d63b79af9166ac06d25
                                                                                                          • Instruction Fuzzy Hash: 79412532E001139BEB388A68CC11B7A32D4EF06751F15C139F909AB1D2DE6C9D0093EA
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(000000B8), ref: 0007CD99
                                                                                                          • SysAllocString.OLEAUT32(?), ref: 0007CDA9
                                                                                                          • VariantClear.OLEAUT32(?), ref: 0007CE8A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$AllocClearInitString
                                                                                                          • String ID: xmlutil.cpp
                                                                                                          • API String ID: 2213243845-1270936966
                                                                                                          • Opcode ID: a046df37288615bd9d63b573b3fd1b5d17f6a32beb07e72cf04af3cf6b468085
                                                                                                          • Instruction ID: c1f72fcf37014ac290fdf706e14dde1974f28e7e166463992247b3237fe51200
                                                                                                          • Opcode Fuzzy Hash: a046df37288615bd9d63b573b3fd1b5d17f6a32beb07e72cf04af3cf6b468085
                                                                                                          • Instruction Fuzzy Hash: D4419675D00615ABDB21DFA4C888EAEBBF8EF05710F0581A9FC09EB211D639DD008BA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegEnumKeyExW.ADVAPI32(00000000,000000B8,000002F0,00000002,00000000,00000000,00000000,00000000,000002F0,00000002,00000001,00000000,00000000,?,?,00063EA1), ref: 00078CDC
                                                                                                          • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00063EA1,00000000), ref: 00078CFE
                                                                                                          • RegEnumKeyExW.ADVAPI32(00000000,000000B8,000002F0,00000002,00000000,00000000,00000000,00000000,000002F0,00000003,?,?,00063EA1,00000000,00000000,00000000), ref: 00078D4C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Enum$InfoQuery
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 73471667-955085611
                                                                                                          • Opcode ID: 3ac8fdb87227171106bf8fc486f22a6fd78bfaf182bb1a3dc7ba7168b881ef57
                                                                                                          • Instruction ID: 7ce0e2ea101be7e61956308bf542a6826f76411c5e10688541af95873d500b57
                                                                                                          • Opcode Fuzzy Hash: 3ac8fdb87227171106bf8fc486f22a6fd78bfaf182bb1a3dc7ba7168b881ef57
                                                                                                          • Instruction Fuzzy Hash: 5231C2B6D40629BBEB218A94CD88AAFB7EDEF54350F118125FD08E7150DB399E0097A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00081751
                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0008175C
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00081767
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeString$Heap$AllocateProcess
                                                                                                          • String ID: atomutil.cpp
                                                                                                          • API String ID: 2724874077-4059165915
                                                                                                          • Opcode ID: 32998a973a41b36261f450ff9ce243dd4d840e3794bfeb5ce3c32417b18bb2ca
                                                                                                          • Instruction ID: 293155e60e04ad5fb568e4c4fd61c585665a8bb47a605680d0be6cfc269e8ede
                                                                                                          • Opcode Fuzzy Hash: 32998a973a41b36261f450ff9ce243dd4d840e3794bfeb5ce3c32417b18bb2ca
                                                                                                          • Instruction Fuzzy Hash: 7631D476D0452ABFCB22BBA4C885FDEB7BCBF00750F014164EA44AB211DB75DD029B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0007DAF5: _memset.LIBCMT ref: 0007DB20
                                                                                                            • Part of subcall function 0007DAF5: FindFirstFileW.KERNEL32(00000003,?,00000000,00000000,00000000), ref: 0007DB30
                                                                                                            • Part of subcall function 0007DAF5: FindClose.KERNEL32(00000000), ref: 0007DB3C
                                                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,?), ref: 0007DAE5
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                            • Part of subcall function 0007902A: RegQueryValueExW.ADVAPI32(00000000,000000B8,00000000,000000B8,00000000,00000000,000000B8,BundleUpgradeCode,000002F0,000000B8,00000000,00000000,00052FA9,00000100,000000B0,00000088), ref: 00079052
                                                                                                            • Part of subcall function 0007902A: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,?), ref: 0007908B
                                                                                                          Strings
                                                                                                          • \, xrefs: 0007DA6E
                                                                                                          • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 0007DA24
                                                                                                          • PendingFileRenameOperations, xrefs: 0007DA50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseFindQueryValue$FileFirstOpen_memset
                                                                                                          • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\
                                                                                                          • API String ID: 2165656687-2982801162
                                                                                                          • Opcode ID: a2f643c3b0176e14ce21e948c23efd878f76b856df14aefe20d40201458086ec
                                                                                                          • Instruction ID: 9c21c0f6a3c64c975e59ba53618f63cf8aacbe02ef2f223eb48ff4610ae4c3c1
                                                                                                          • Opcode Fuzzy Hash: a2f643c3b0176e14ce21e948c23efd878f76b856df14aefe20d40201458086ec
                                                                                                          • Instruction Fuzzy Hash: B5319331E04209FADF61AF94CC41AAEB7B5FF00760F18C16BE50CA6151D7799A40CB6A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 00045FFE
                                                                                                            • Part of subcall function 000456A4: GetStringTypeW.KERNEL32(00000001,EB000876,00000001,?,00046039,000002C0,00000100,00000000), ref: 000456E9
                                                                                                          Strings
                                                                                                          • Failed to parse expression., xrefs: 00046041
                                                                                                          • Failed to read next symbol., xrefs: 00046027
                                                                                                          • Failed to expect end symbol., xrefs: 00046059
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: StringType_memset
                                                                                                          • String ID: Failed to expect end symbol.$Failed to parse expression.$Failed to read next symbol.
                                                                                                          • API String ID: 3037995546-1316734955
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,000002C0,00000000,000000B8,000002F0,00020019,00000000,000000B8,00000000,?,?,?,00063EDD,00000000,00000000), ref: 00063C5A
                                                                                                          Strings
                                                                                                          • Failed to initialize package from related bundle id: %ls, xrefs: 00063C37
                                                                                                          • Failed to open uninstall key for potential related bundle: %ls, xrefs: 00063BC9
                                                                                                          • Failed to ensure there is space for related bundles., xrefs: 00063C04
                                                                                                          Similarity
                                                                                                          • API ID: CloseOpen
                                                                                                          • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                          • API String ID: 47109696-1717420724
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcessHeap.KERNEL32(?,00000000,75C0B390,00000000,00000000,00000100,?,00079D35,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00079C7C), ref: 00077A62
                                                                                                          • HeapReAlloc.KERNEL32(00000000,?,00079D35,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00079C7C,?,00000100,?,75C0B390,00000000), ref: 00077A69
                                                                                                            • Part of subcall function 00077883: GetProcessHeap.KERNEL32(?,?,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077894
                                                                                                            • Part of subcall function 00077883: RtlAllocateHeap.NTDLL(00000000,?,0007AB6A,?,00000001,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 0007789B
                                                                                                            • Part of subcall function 00077AFF: GetProcessHeap.KERNEL32(00000000,?,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B07
                                                                                                            • Part of subcall function 00077AFF: HeapSize.KERNEL32(00000000,?,0007AACC,?,75C0B390,8000FFFF,?,?,00077288,?,?,00000000,00000000,8000FFFF), ref: 00077B0E
                                                                                                          • _memcpy_s.LIBCMT ref: 00077AB4
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                                                                          • String ID: memutil.cpp
                                                                                                          • API String ID: 3406509257-2429405624
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00077035,?,?,00000000,00000000,0000FDE9), ref: 00077781
                                                                                                          • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,0000FDE9,00000000,?,?,00077035,?,?,00000000,00000000,0000FDE9), ref: 000777BD
                                                                                                          • GetLastError.KERNEL32(?,?,00077035,?,?,00000000,00000000,0000FDE9), ref: 000777C7
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastWritelstrlen
                                                                                                          • String ID: logutil.cpp
                                                                                                          • API String ID: 606256338-3545173039
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • FormatMessageW.KERNEL32(00000900,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,0007750B,00000000,00000000,00000000,?,00000001), ref: 00076E69
                                                                                                          • GetLastError.KERNEL32(?,0007750B,00000000,00000000,00000000,?,00000001,?,00042081,00000000,00000000,00000000,?,?,00055B97,00000002), ref: 00076E75
                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000000,?,?,0007750B,00000000,00000000,00000000,?,00000001,?,00042081,00000000,00000000), ref: 00076EDD
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                          • String ID: logutil.cpp
                                                                                                          • API String ID: 1365068426-3545173039
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          • IGNOREDEPENDENCIES, xrefs: 00062D25
                                                                                                          • Failed to add "%ls" to the string dictionary., xrefs: 00062D87
                                                                                                          • Failed to check the dictionary of unique dependencies., xrefs: 00062D51
                                                                                                          Similarity
                                                                                                          • API ID: _wcstok_s
                                                                                                          • String ID: Failed to add "%ls" to the string dictionary.$Failed to check the dictionary of unique dependencies.$IGNOREDEPENDENCIES
                                                                                                          • API String ID: 86363921-844748263
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(0004B8B4,40000000,00000001,00000000,00000002,?,00000000,?,00000000,?,0004B8B4,?,00000080,?,00000000), ref: 0007E461
                                                                                                          • GetLastError.KERNEL32(?,0004B8B4,?,00000080,?,00000000,?,?,?,?,?,?), ref: 0007E46E
                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,?,0004B8B4,?,00000080,?,00000000,?,?,?,?,?,?), ref: 0007E4C2
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 2528220319-2967768451
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000000B8,00000000,?,00063CFE,00000000,000002C0,000000B8,BundleCachePath,00000000), ref: 0007E054
                                                                                                          • GetLastError.KERNEL32(?,00063CFE,00000000,000002C0,000000B8,BundleCachePath,00000000,000000B8,BundleVersion,00000108,000000B8,EngineVersion,000000B8,00000100), ref: 0007E061
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CreateErrorFileLast
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 1214770103-2967768451
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ControlService.ADVAPI32(00061BE8,00000001,?,00000001,00000000,?,?,?,?,?,?,00061BE8,00000000), ref: 00061D00
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,00061BE8,00000000), ref: 00061D0A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ControlErrorLastService
                                                                                                          • String ID: Failed to stop wusa service.$msuengine.cpp
                                                                                                          • API String ID: 4114567744-2259829683
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(?,00009002,00000000,?), ref: 0005A62C
                                                                                                          • GetLastError.KERNEL32 ref: 0005A636
                                                                                                          Strings
                                                                                                          • EngineForApplication.cpp, xrefs: 0005A65A
                                                                                                          • Failed to post elevate message., xrefs: 0005A664
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastMessagePostThread
                                                                                                          • String ID: EngineForApplication.cpp$Failed to post elevate message.
                                                                                                          • API String ID: 2609174426-4098423239
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 00049DD5
                                                                                                          • FreeLibrary.KERNEL32(?,?,00041530,?), ref: 00049DE4
                                                                                                          • GetLastError.KERNEL32(?,00041530,?), ref: 00049DEE
                                                                                                          Strings
                                                                                                          • BootstrapperApplicationDestroy, xrefs: 00049DCD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressErrorFreeLastLibraryProc
                                                                                                          • String ID: BootstrapperApplicationDestroy
                                                                                                          • API String ID: 1144718084-3186005537
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 0006EACA
                                                                                                            • Part of subcall function 0006EB72: __mtinitlocknum.LIBCMT ref: 0006EB84
                                                                                                            • Part of subcall function 0006EB72: EnterCriticalSection.KERNEL32(00000008,?,0006C037,0000000D), ref: 0006EB9D
                                                                                                          • _free.LIBCMT ref: 0006EAFB
                                                                                                          • _free.LIBCMT ref: 0006EB04
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _free$CriticalEnterSection__lock__mtinitlocknum
                                                                                                          • String ID: h?
                                                                                                          • API String ID: 3990512260-26116264
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 0005AC25
                                                                                                          • GetLastError.KERNEL32 ref: 0005AC2F
                                                                                                          Strings
                                                                                                          • EngineForApplication.cpp, xrefs: 0005AC53
                                                                                                          • Failed to post plan message., xrefs: 0005AC5D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastMessagePostThread
                                                                                                          • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                          • API String ID: 2609174426-2952114608
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 0005A527
                                                                                                          • GetLastError.KERNEL32 ref: 0005A531
                                                                                                          Strings
                                                                                                          • EngineForApplication.cpp, xrefs: 0005A555
                                                                                                          • Failed to post apply message., xrefs: 0005A55F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastMessagePostThread
                                                                                                          • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                          • API String ID: 2609174426-1304321051
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 0005AD31
                                                                                                          • GetLastError.KERNEL32 ref: 0005AD3B
                                                                                                          Strings
                                                                                                          • EngineForApplication.cpp, xrefs: 0005AD5F
                                                                                                          • Failed to post shutdown message., xrefs: 0005AD69
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastMessagePostThread
                                                                                                          • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                          • API String ID: 2609174426-188808143
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 0005A5B8
                                                                                                          • GetLastError.KERNEL32 ref: 0005A5C2
                                                                                                          Strings
                                                                                                          • EngineForApplication.cpp, xrefs: 0005A5E6
                                                                                                          • Failed to post detect message., xrefs: 0005A5F0
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastMessagePostThread
                                                                                                          • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                          • API String ID: 2609174426-598219917
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetEvent.KERNEL32(2798E857,00000000,?,0005CDB8,0004230A,00000000,?,000487D1,0004230A,00041F6E,?,00053517,?,00041E2E,00041E76,?), ref: 0005BEA3
                                                                                                          • GetLastError.KERNEL32(?,0005CDB8,0004230A,00000000,?,000487D1,0004230A,00041F6E,?,00053517,?,00041E2E,00041E76,?,00041EB6,WixBundleElevated), ref: 0005BEAD
                                                                                                          Strings
                                                                                                          • cabextract.cpp, xrefs: 0005BED1
                                                                                                          • Failed to set begin operation event., xrefs: 0005BEDB
                                                                                                          Similarity
                                                                                                          • API ID: ErrorEventLast
                                                                                                          • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                          • API String ID: 3848097054-4159625223
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,000A2730,?,?,0006C173,?,?,0006E7ED,000000FF,0000001E,00000000,00000000,00000000,?,0006ED4F), ref: 0006C143
                                                                                                          • GetProcAddress.KERNEL32(000A2730,CorExitProcess), ref: 0006C155
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                          • API String ID: 1646373207-1276376045
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 0007246C
                                                                                                            • Part of subcall function 0006EB72: __mtinitlocknum.LIBCMT ref: 0006EB84
                                                                                                            • Part of subcall function 0006EB72: EnterCriticalSection.KERNEL32(00000008,?,0006C037,0000000D), ref: 0006EB9D
                                                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 0007247C
                                                                                                            • Part of subcall function 0006F0D9: ___addlocaleref.LIBCMT ref: 0006F0F5
                                                                                                            • Part of subcall function 0006F0D9: ___removelocaleref.LIBCMT ref: 0006F100
                                                                                                            • Part of subcall function 0006F0D9: ___freetlocinfo.LIBCMT ref: 0006F114
                                                                                                          Similarity
                                                                                                          • API ID: CriticalEnterEx_nolockSection___addlocaleref___freetlocinfo___removelocaleref__lock__mtinitlocknum__updatetlocinfo
                                                                                                          • String ID: p$$p$
                                                                                                          • API String ID: 547918592-3440707669
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 000722AB
                                                                                                          • __isleadbyte_l.LIBCMT ref: 000722D9
                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00072307
                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0007233D
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                          • String ID:
                                                                                                          • API String ID: 3058430110-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 0007C907
                                                                                                          • VariantInit.OLEAUT32(?), ref: 0007C913
                                                                                                          • VariantClear.OLEAUT32(?), ref: 0007C987
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0007C992
                                                                                                            • Part of subcall function 0007CB49: SysAllocString.OLEAUT32(?), ref: 0007CB5E
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocVariant$ClearFreeInit
                                                                                                          • String ID:
                                                                                                          • API String ID: 347726874-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0004BD09: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,?,?,?,000419F8,?,?), ref: 0004BD59
                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?), ref: 00041A5F
                                                                                                            • Part of subcall function 00078792: _memset.LIBCMT ref: 000787A7
                                                                                                            • Part of subcall function 00078792: CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000512D9,?,?,?,?,00000000,00000000), ref: 000787FE
                                                                                                            • Part of subcall function 00078792: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00078808
                                                                                                            • Part of subcall function 00078792: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00078851
                                                                                                            • Part of subcall function 00078792: CloseHandle.KERNEL32(000512D9,?,?,?,?,00000000,00000000,00000000), ref: 0007885E
                                                                                                          Strings
                                                                                                          • Unable to get resume command line from the registry, xrefs: 000419FE
                                                                                                          • Failed to get current process path., xrefs: 00041A15
                                                                                                          • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00041A49
                                                                                                          Similarity
                                                                                                          • API ID: Close$Handle$CreateErrorLastProcess_memset
                                                                                                          • String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
                                                                                                          • API String ID: 3706487244-642631345
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00043DF0
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00043E57
                                                                                                          Strings
                                                                                                          • Failed to get value of variable: %ls, xrefs: 00043E2A
                                                                                                          • Failed to get value as numeric for variable: %ls, xrefs: 00043E46
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
                                                                                                          • API String ID: 3168844106-4270472870
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0004E6CC,00000001,WixBundleLayoutDirectory,00000001,00000000), ref: 00043E72
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,00000000,00000001,00000000,?,0004E6CC,00000001,WixBundleLayoutDirectory,00000001,00000000), ref: 00043ED9
                                                                                                          Strings
                                                                                                          • Failed to get value of variable: %ls, xrefs: 00043EAC
                                                                                                          • Failed to get value as string for variable: %ls, xrefs: 00043EC8
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls
                                                                                                          • API String ID: 3168844106-2100416246
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00043F65
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00043FCC
                                                                                                          Strings
                                                                                                          • Failed to get value of variable: %ls, xrefs: 00043F9F
                                                                                                          • Failed to get value as version for variable: %ls, xrefs: 00043FBB
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                                                          • API String ID: 3168844106-1851729331
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,00045F8B,00000000,?,00000000,00000000,00000000,?,00045DCC,00000000,?,00000000,00000000), ref: 00043EF4
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,?,00045F8B,00000000,?,00000000,00000000,00000000,?,00045DCC,00000000,?), ref: 00043F4A
                                                                                                          Strings
                                                                                                          • Failed to get value of variable: %ls, xrefs: 00043F1A
                                                                                                          • Failed to copy value of variable: %ls, xrefs: 00043F39
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                                                          • API String ID: 3168844106-2936390398
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00082474
                                                                                                          • GetLastError.KERNEL32 ref: 0008247E
                                                                                                            • Part of subcall function 00074A32: wcstoxl.LIBCMT ref: 00074A40
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Time$ErrorFileLastSystemwcstoxl
                                                                                                          • String ID: timeutil.cpp
                                                                                                          • API String ID: 3330575103-3204814302
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000000), ref: 0007DFA2
                                                                                                            • Part of subcall function 0007902A: RegQueryValueExW.ADVAPI32(00000000,000000B8,00000000,000000B8,00000000,00000000,000000B8,BundleUpgradeCode,000002F0,000000B8,00000000,00000000,00052FA9,00000100,000000B0,00000088), ref: 00079052
                                                                                                            • Part of subcall function 0007902A: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,?), ref: 0007908B
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue$CloseOpen
                                                                                                          • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                          • API String ID: 1586453840-3023217399
                                                                                                          • Opcode ID: 7fc4986f2ae8ba937e1d55781fcde8ca22bced3cf3248a4d0455ec730bc7e32c
                                                                                                          • Instruction ID: 613a61e5397dca3c29abfd41ea47f1d48441f3aed39e42cbc5d73ab6516ea5be
                                                                                                          • Opcode Fuzzy Hash: 7fc4986f2ae8ba937e1d55781fcde8ca22bced3cf3248a4d0455ec730bc7e32c
                                                                                                          • Instruction Fuzzy Hash: C1419D71E00119EBCF61EF84C8809AEBBF5EF44710F2580ABF50AAB251D7399E00DB59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00078C05
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CloseOpen
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 47109696-955085611
                                                                                                          • Opcode ID: 13b4e94339a1ed2de823e62a4230e9b26ba4153c9ad4116bea6b4e1ff23f7850
                                                                                                          • Instruction ID: 247be5c3c89715319038f9aa252340dd80cd5228d8c953b359a0cc14e88a1dde
                                                                                                          • Opcode Fuzzy Hash: 13b4e94339a1ed2de823e62a4230e9b26ba4153c9ad4116bea6b4e1ff23f7850
                                                                                                          • Instruction Fuzzy Hash: 1341E572D80129FBDF215A948C48BAEBBE4EB04760F10C165FE09AA161DB7D8D5097DC
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00078F49
                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00078F84
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 3660427363-955085611
                                                                                                          • Opcode ID: e11e5d90e5b4897404421b9c40869ad79be1b7c81015115b548bb35b9c9836b7
                                                                                                          • Instruction ID: ddf81a38d6ee136d60ed0066f805b5c0f6ce9e5ec2a0c49cbca8ca8587496bfc
                                                                                                          • Opcode Fuzzy Hash: e11e5d90e5b4897404421b9c40869ad79be1b7c81015115b548bb35b9c9836b7
                                                                                                          • Instruction Fuzzy Hash: 9B418131D4012AEFDF219EA8C9459AEBBB9FF44310F10C169F918E7251DB398E10AB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00082A97: lstrlenW.KERNEL32(00000100,?,?,?,00082E60,000000B8,00000001,00000001,00000100,?,?,?,00062E16,?,?,000000BD), ref: 00082ABC
                                                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 000830CD
                                                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 000830E7
                                                                                                            • Part of subcall function 00078A3F: RegCreateKeyExW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,?,?,0004C951,00000000,00000000,00020006), ref: 00078A64
                                                                                                            • Part of subcall function 000792ED: RegSetValueExW.ADVAPI32(00020006,00000001,00000000,00000001,00000001,00000002,00000001,000000FF,00000002,00000000,?,?,0004B6E4,00000002,?,?), ref: 00079320
                                                                                                            • Part of subcall function 000792ED: RegDeleteValueW.ADVAPI32(00020006,00000001,00000000,?,?,0004B6E4,00000002,?,?,00000001,00000001,00020006,00000002,00020006,00000000,?), ref: 00079350
                                                                                                            • Part of subcall function 0007929F: RegSetValueExW.ADVAPI32(?,00000000,00000000,00000004,00020006,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0004B63C,00000005,Resume,?,?,00020006,00000000,?), ref: 000792B4
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Value$Close$CreateDeletelstrlen
                                                                                                          • String ID: %ls\%ls
                                                                                                          • API String ID: 3924016894-2125769799
                                                                                                          • Opcode ID: 08047848b7867a7d9f75ad5896e44e8e8f4da103c003e5a98f5f9982f8ab073b
                                                                                                          • Instruction ID: a8f6c16432246160b8a8c585f106e3068e14cff38f93299a38748de0aa31fa52
                                                                                                          • Opcode Fuzzy Hash: 08047848b7867a7d9f75ad5896e44e8e8f4da103c003e5a98f5f9982f8ab073b
                                                                                                          • Instruction Fuzzy Hash: AA310772C0012ABBDF21AFD48C418DEFBB9BB44750B04816AEA4466222D7358F11AF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • ReadFile.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,?,?,000541E5,?,00000000,?,00000000,00000000,?), ref: 0007D639
                                                                                                          • GetLastError.KERNEL32(?,000541E5,?,00000000,?,00000000,00000000,?,00000000), ref: 0007D69C
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastRead
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 1948546556-2967768451
                                                                                                          • Opcode ID: 59c6518dd4802e006413d221b798c449308180b8900b5c3cd96a2e692a1511dd
                                                                                                          • Instruction ID: fd8f089052d719476c3823e615634c3f431eee22bc115ccde20aee4e5e535493
                                                                                                          • Opcode Fuzzy Hash: 59c6518dd4802e006413d221b798c449308180b8900b5c3cd96a2e692a1511dd
                                                                                                          • Instruction Fuzzy Hash: FA415271E002699BDB21CE54CD407EAB3B5FF48741F0085ABE94D97240D6B89DC48FA8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • #171.MSI(00000000,?,00085570,?), ref: 0007B8D0
                                                                                                          • #171.MSI(00000000,?,?,?,?,?,00000000,?,00085570,?), ref: 0007B910
                                                                                                            • Part of subcall function 0007B569: #115.MSI(?), ref: 0007B59A
                                                                                                            • Part of subcall function 0007B569: #116.MSI(?,00000001,?), ref: 0007B5B8
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: #171$#115#116
                                                                                                          • String ID: wiutil.cpp
                                                                                                          • API String ID: 2532461077-4248292292
                                                                                                          • Opcode ID: f677059cb8d87611437a34d216f80c7a388f578f5864f51c0b11ffc066b27bcd
                                                                                                          • Instruction ID: 259e671b6b32610005ab876e22993849437afc50f03062a7af444ef24ae7fde0
                                                                                                          • Opcode Fuzzy Hash: f677059cb8d87611437a34d216f80c7a388f578f5864f51c0b11ffc066b27bcd
                                                                                                          • Instruction Fuzzy Hash: 5421B071E00218BADB159AA5CD45FFFBBECDF45710F10802AFA19D6051D7398E00D668
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: _memmove_s
                                                                                                          • String ID: \\?\$\\?\UNC
                                                                                                          • API String ID: 800865076-2523517826
                                                                                                          • Opcode ID: 767830bbb308e5b949ce50b0fd0b896a8e43425d17af89bbfa59ba2857339228
                                                                                                          • Instruction ID: 83a46f99ac641fc7d9ff8f6207a60fd5564318a13b23bb1c0ab614a8d8a1ccc6
                                                                                                          • Opcode Fuzzy Hash: 767830bbb308e5b949ce50b0fd0b896a8e43425d17af89bbfa59ba2857339228
                                                                                                          • Instruction Fuzzy Hash: 0911E961B80211B9F63066119C49FFA7398EB50B74F90C416F68C9D0C4EA69BAC1C76D
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: d$srputil.cpp
                                                                                                          • API String ID: 2102423945-1161740003
                                                                                                          • Opcode ID: ba65892ee9aede08654b7c8d8fd3f4af5e0c11ad2a8cb8314de6843080f3dad6
                                                                                                          • Instruction ID: 0d8827d6c3a32d119bd96004ab1acca6c6ef7c538511d84bcd706035c8adf1ae
                                                                                                          • Opcode Fuzzy Hash: ba65892ee9aede08654b7c8d8fd3f4af5e0c11ad2a8cb8314de6843080f3dad6
                                                                                                          • Instruction Fuzzy Hash: 9F11D532E00228BAEB20DAA5DC46FEBB3B8EB44700F00856EE909E7141D635CD058AD4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000009,?,?,?,000501A8,00000009,?,00000000,?,?,?,000417CF), ref: 0004FCB2
                                                                                                            • Part of subcall function 00078ED3: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00078F49
                                                                                                            • Part of subcall function 00078ED3: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00078F84
                                                                                                          Strings
                                                                                                          • SOFTWARE\Policies\Microsoft\Windows\Installer, xrefs: 0004FC27
                                                                                                          • Logging, xrefs: 0004FC44
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue$CloseOpen
                                                                                                          • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer
                                                                                                          • API String ID: 1586453840-387823766
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegSetValueExW.ADVAPI32(00020006,00000001,00000000,00000001,00000001,00000002,00000001,000000FF,00000002,00000000,?,?,0004B6E4,00000002,?,?), ref: 00079320
                                                                                                          • RegDeleteValueW.ADVAPI32(00020006,00000001,00000000,?,?,0004B6E4,00000002,?,?,00000001,00000001,00020006,00000002,00020006,00000000,?), ref: 00079350
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Value$Delete
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 1738766685-955085611
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,00062720,00000000,IGNOREDEPENDENCIES,00000000,?,?), ref: 0004A2D5
                                                                                                          Strings
                                                                                                          • IGNOREDEPENDENCIES, xrefs: 0004A28C
                                                                                                          • Failed to copy the property value., xrefs: 0004A309
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CompareString
                                                                                                          • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                                                          • API String ID: 1825529933-1412343224
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0006D42C
                                                                                                          • ___raise_securityfailure.LIBCMT ref: 0006D513
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                          • String ID: 8<
                                                                                                          • API String ID: 3761405300-1176501723
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 00051958
                                                                                                          • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 000519B2
                                                                                                          Strings
                                                                                                          • Failed to initialize COM on cache thread., xrefs: 00051964
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: InitializeUninitialize
                                                                                                          • String ID: Failed to initialize COM on cache thread.
                                                                                                          • API String ID: 3442037557-3629645316
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,00000000,?,000548E2,00000000,00000001,20000004,00000000,00000000,00000000,00000000), ref: 0007F312
                                                                                                          • SetNamedSecurityInfoW.ADVAPI32(00000000,00000000,000007D0,00000003,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000548E2,00000000), ref: 0007F32D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: InfoNamedSecuritySleep
                                                                                                          • String ID: aclutil.cpp
                                                                                                          • API String ID: 2352087905-2159165307
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • LCMapStringW.KERNEL32(0000007F,00000000,00000000,00000410,00000000,00000410,00000000,00000000,00000410,00000000,00000000,00000000,?,0007AC13,00000000,00000000), ref: 00079E82
                                                                                                          • GetLastError.KERNEL32(?,0007AC13,00000000,00000000,00000410,00000200,?,0007EF5F,00000000,00000410,00000000,00000410,00000000,00000000,00000000), ref: 00079E8C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastString
                                                                                                          • String ID: strutil.cpp
                                                                                                          • API String ID: 3728238275-3612885251
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 0006BF67: __getptd_noexit.LIBCMT ref: 0006BF68
                                                                                                          • __lock.LIBCMT ref: 0006F41C
                                                                                                          • _free.LIBCMT ref: 0006F449
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: __getptd_noexit__lock_free
                                                                                                          • String ID: 0'
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 0007D0AB
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0007D0DE
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFree
                                                                                                          • String ID: xmlutil.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,0007D145,?), ref: 0007D315
                                                                                                            • Part of subcall function 00078E51: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,?,00000000,?,?,?,0007F4DA,00000000,?,?,?,00000000), ref: 00078E75
                                                                                                          Strings
                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 0007D2BF
                                                                                                          • EnableLUA, xrefs: 0007D2E3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                          • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 0007D024
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0007D057
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFree
                                                                                                          • String ID: xmlutil.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __calloc_crt
                                                                                                          • String ID: p*
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 00042F4D
                                                                                                            • Part of subcall function 0007891F: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,000428DA,00000000), ref: 00078933
                                                                                                            • Part of subcall function 0007891F: GetProcAddress.KERNEL32(00000000), ref: 0007893A
                                                                                                            • Part of subcall function 0007891F: GetLastError.KERNEL32(?,?,?,000428DA,00000000), ref: 00078951
                                                                                                            • Part of subcall function 0004273B: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 000427C2
                                                                                                          Strings
                                                                                                          • Failed to set variant value., xrefs: 00042F8A
                                                                                                          • Failed to get 64-bit folder., xrefs: 00042F70
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                          • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,0007D660,?,?,?,?,000541E5), ref: 0007E4F4
                                                                                                          • GetLastError.KERNEL32(?,?,0007D660,?,?,?,?,000541E5,?,00000000,?,00000000,00000000,?,00000000), ref: 0007E4FE
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                          • String ID: fileutil.cpp
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetModuleFileNameW.KERNEL32(00047A22,?,00000104,?,00000104,?,00000000,?,?,00047A22,?,00000000,?,?,?,?), ref: 000784FC
                                                                                                          • GetLastError.KERNEL32(?,00047A22,?,00000000,?,?,?,?,76EEC3F0), ref: 00078513
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                          • String ID: pathutil.cpp
                                                                                                          • API String ID: 2776309574-741606033
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                            • Part of subcall function 00078DA4: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,0007F484,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00078DB7
                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,00000001,00000000,?,?,00020006,00000000,?,00000000,?,?,00066E53,?,?), ref: 0004CAA6
                                                                                                          Strings
                                                                                                          • Failed to open registration key., xrefs: 0004CA76
                                                                                                          • Failed to update resume mode., xrefs: 0004CA90
                                                                                                          Similarity
                                                                                                          • API ID: CloseOpen
                                                                                                          • String ID: Failed to open registration key.$Failed to update resume mode.
                                                                                                          • API String ID: 47109696-3366686031
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00000001,?,?,00000000,?,?,?,0007FFC2,?,00000001,?,00000000,00000000,00000001), ref: 0007DFCB
                                                                                                          • GetLastError.KERNEL32(?,0007FFC2,?,00000001,?,00000000,00000000,00000001,00000000,?,?,?,0007F885,?,?,?), ref: 0007DFD5
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 2976181284-2967768451
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,74DF34C0,?,?,?,00047F7C,?,?,?,00000000,00000000), ref: 0007E0C3
                                                                                                          • GetLastError.KERNEL32(?,?,?,00047F7C,?,?,?,00000000,00000000,?,?,?,?,76EEC3F0), ref: 0007E0CD
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastSize
                                                                                                          • String ID: fileutil.cpp
                                                                                                          • API String ID: 464720113-2967768451
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HttpQueryInfoW.WININET(00000000,20000005,00000000,00000004,00000000), ref: 0008267A
                                                                                                          • GetLastError.KERNEL32(?,?,?,0007F9CA,?,000801FA,?,00000000,HEAD,00000000,00000000,000801FA,00000000,?,?,00000000), ref: 00082684
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHttpInfoLastQuery
                                                                                                          • String ID: inetutil.cpp
                                                                                                          • API String ID: 4218848986-2900720265
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • HttpQueryInfoW.WININET(00000004,?,?,00000004,00000000), ref: 000826E9
                                                                                                          • GetLastError.KERNEL32(?,?,?,0007FE4F,?,00000013,00000000), ref: 000826F3
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHttpInfoLastQuery
                                                                                                          • String ID: inetutil.cpp
                                                                                                          • API String ID: 4218848986-2900720265
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,?,?,00000000), ref: 0007D45A
                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000001,0009F300,00000000), ref: 0007D472
                                                                                                          Strings
                                                                                                          • Microsoft.Update.AutoUpdate, xrefs: 0007D455
                                                                                                          Similarity
                                                                                                          • API ID: CreateFromInstanceProg
                                                                                                          • String ID: Microsoft.Update.AutoUpdate
                                                                                                          • API String ID: 2151042543-675569418
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?,00041EFA,5050C033,00041EFA,?,?), ref: 00048739
                                                                                                          • _memset.LIBCMT ref: 0004874B
                                                                                                            • Part of subcall function 0005CC9F: SetEvent.KERNEL32(2798E857,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?), ref: 0005CCBC
                                                                                                            • Part of subcall function 0005CC9F: GetLastError.KERNEL32(?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000,?,00041EFA,5050C033,00041EFA), ref: 0005CCC6
                                                                                                            • Part of subcall function 0005CC9F: CloseHandle.KERNEL32(50E87D8B,00041EFA,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000), ref: 0005CD55
                                                                                                            • Part of subcall function 0005CC9F: CloseHandle.KERNEL32(2798E857,00041EFA,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000), ref: 0005CD64
                                                                                                            • Part of subcall function 0005CC9F: CloseHandle.KERNEL32(F08B0000,00041EFA,0004230A,00000000,?,0004871F,0004230A,00041E2E,00000000,?,00053612,?,000420DE,00041EEA,00041EEA,00000000), ref: 0005CD73
                                                                                                          Strings
                                                                                                          • Failed to close cabinet., xrefs: 00048725
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$ErrorEventLast_memset
                                                                                                          • String ID: Failed to close cabinet.
                                                                                                          • API String ID: 1352847294-2920093955
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysAllocString.OLEAUT32(?), ref: 0007C8AF
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0007C8DF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFree
                                                                                                          • String ID: xmlutil.cpp
                                                                                                          • API String ID: 344208780-1270936966
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • SysAllocString.OLEAUT32(?), ref: 0007CB5E
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0007CB8E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFree
                                                                                                          • String ID: xmlutil.cpp
                                                                                                          • API String ID: 344208780-1270936966
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000004,00020006,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0004B63C,00000005,Resume,?,?,00020006,00000000,?), ref: 000792B4
                                                                                                          Strings
                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 000792A2
                                                                                                          • regutil.cpp, xrefs: 000792DC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$regutil.cpp
                                                                                                          • API String ID: 3702945584-2416625845
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • DecodePointer.KERNEL32(?,0006D8C6,00000000,00000000,00000000,00000000,00000000,0006CC7F,?,0006CA24,00000003,0006E7DC,00000000,00000000,00000000), ref: 0006D898
                                                                                                          • __invoke_watson.LIBCMT ref: 0006D8B4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DecodePointer__invoke_watson
                                                                                                          • String ID: PNv
                                                                                                          • API String ID: 4034010525-4070351811
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • FreeLibrary.KERNEL32(75A70000,?,00041FE8,?,?,?,?,?,?), ref: 00076DF3
                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00041FE8,?,?,?,?,?,?), ref: 00076E15
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeLibrary
                                                                                                          • String ID: `+?s
                                                                                                          • API String ID: 3664257935-3215494052
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00078C57
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2918756953.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2918684705.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918861811.0000000000085000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918925842.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.00000000000A8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000146000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2918954617.0000000000155000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_40000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc
                                                                                                          • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                                                          • API String ID: 190572456-850864035
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,?,BootstrapperCore.config,00000000,?,?), ref: 6CB0166C
                                                                                                          • SetErrorMode.KERNEL32(00000000,?,BootstrapperCore.config,00000000,?,?), ref: 6CB01682
                                                                                                          • GetProcAddress.KERNEL32(?,CLRCreateInstance), ref: 6CB016AA
                                                                                                          • GetProcAddress.KERNEL32(?,CorBindToCurrentRuntime), ref: 6CB016B8
                                                                                                          • GetLastError.KERNEL32(?,BootstrapperCore.config,00000000,?,?), ref: 6CB016BE
                                                                                                          • FreeLibrary.KERNEL32(?,?,BootstrapperCore.config,00000000), ref: 6CB0188B
                                                                                                          • SetErrorMode.KERNEL32(00000000,?,BootstrapperCore.config,00000000), ref: 6CB01892
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Error$Mode$AddressProc$FreeLastLibrary
                                                                                                          • String ID: CLRCreateInstance$CorBindToCurrentRuntime$host.cpp$mscoree.dll$v4.0.30319
                                                                                                          • API String ID: 416724594-388369516
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00000000,00000000,00000000,?,?,?,6CB010B0,?,?,00000000,00000000,6CB014A6,00000000), ref: 6CB02E46
                                                                                                          • GetLastError.KERNEL32(?,?,?,6CB010B0,?,?,00000000,00000000,6CB014A6,00000000,?,BootstrapperCore.config,00000000,?,?), ref: 6CB02E52
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 6CB02E92
                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 6CB02E9E
                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 6CB02EA9
                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 6CB02EB3
                                                                                                          • CoCreateInstance.OLE32(6CB1713C,00000000,00000001,6CB10268,?,?,?,?,6CB010B0,?,?,00000000,00000000,6CB014A6,00000000,?), ref: 6CB02EED
                                                                                                          • ExitProcess.KERNEL32 ref: 6CB02F9C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                          • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                          • API String ID: 2124981135-499589564
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6CB0123F
                                                                                                          • SysAllocString.OLEAUT32(BootstrapperCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=ce35f76fcda82bad), ref: 6CB01250
                                                                                                          • SysAllocString.OLEAUT32(Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperApplicationFactory), ref: 6CB0126F
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6CB012FC
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 6CB01318
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 6CB01323
                                                                                                          Strings
                                                                                                          • host.cpp, xrefs: 6CB012EE
                                                                                                          • p=<u, xrefs: 6CB0123F
                                                                                                          • Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperApplicationFactory, xrefs: 6CB0126A
                                                                                                          • BootstrapperCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=ce35f76fcda82bad, xrefs: 6CB0124B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFreeVariant$ClearInit
                                                                                                          • String ID: BootstrapperCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=ce35f76fcda82bad$Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperApplicationFactory$host.cpp$p=<u
                                                                                                          • API String ID: 2225245433-1388903073
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                            • Part of subcall function 6CB0203E: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,00000000,?,?,?,6CB01459,?), ref: 6CB0205F
                                                                                                          • SysAllocString.OLEAUT32(?), ref: 6CB0153B
                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6CB0157D
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 6CB015F5
                                                                                                          • SysFreeString.OLEAUT32(?), ref: 6CB015FE
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFree$FileModuleName
                                                                                                          • String ID: BootstrapperCore.config$MBA$host.cpp
                                                                                                          • API String ID: 1371041548-1101837331
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                            • Part of subcall function 6CB0314F: CoInitialize.OLE32(00000000), ref: 6CB0315E
                                                                                                            • Part of subcall function 6CB0314F: InterlockedIncrement.KERNEL32(6CB1714C), ref: 6CB0317B
                                                                                                            • Part of subcall function 6CB0314F: CLSIDFromProgID.OLE32(Msxml2.DOMDocument,6CB1713C,?,?), ref: 6CB03196
                                                                                                            • Part of subcall function 6CB0314F: CLSIDFromProgID.OLE32(MSXML.DOMDocument,6CB1713C,?,?), ref: 6CB031A2
                                                                                                          • RegCloseKey.ADVAPI32(?,00000000,00000000,6CB014A6,00000000,?,BootstrapperCore.config,00000000,?,?), ref: 6CB011D4
                                                                                                            • Part of subcall function 6CB03459: VariantInit.OLEAUT32(?), ref: 6CB03465
                                                                                                            • Part of subcall function 6CB03459: SysAllocString.OLEAUT32(?), ref: 6CB03475
                                                                                                            • Part of subcall function 6CB03459: VariantClear.OLEAUT32(?), ref: 6CB034B2
                                                                                                          Strings
                                                                                                          • host.cpp, xrefs: 6CB01199
                                                                                                          • /configuration/wix.bootstrapper/host/supportedFramework, xrefs: 6CB010BE
                                                                                                          • Install, xrefs: 6CB0114E
                                                                                                          • SOFTWARE\Microsoft\NET Framework Setup\NDP\%ls, xrefs: 6CB01118
                                                                                                          • version, xrefs: 6CB010FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FromProgVariant$AllocClearCloseIncrementInitInitializeInterlockedString
                                                                                                          • String ID: /configuration/wix.bootstrapper/host/supportedFramework$Install$SOFTWARE\Microsoft\NET Framework Setup\NDP\%ls$host.cpp$version
                                                                                                          • API String ID: 126564746-712564890
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6CB031DB
                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6CB031EB
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6CB032CC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$AllocClearInitString
                                                                                                          • String ID: p=<u$xmlutil.cpp
                                                                                                          • API String ID: 2213243845-519869810
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • _memset.LIBCMT ref: 6CB01D59
                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6CB01D6E
                                                                                                          • LoadLibraryW.KERNEL32(?,?,00000104,?), ref: 6CB01DC1
                                                                                                          • GetLastError.KERNEL32 ref: 6CB01DCD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DirectoryErrorLastLibraryLoadSystem_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 1376650706-0
                                                                                                          • Opcode ID: df663db24c9e21d7f5114be263ad3fd64e8164b3f0693b1dbc1d5e463cbbb2cd
                                                                                                          • Instruction ID: c807bfbca8a0f24094f84f6a0bb3e7bafbe8266e7256760bc21e0e668dc3088e
                                                                                                          • Opcode Fuzzy Hash: df663db24c9e21d7f5114be263ad3fd64e8164b3f0693b1dbc1d5e463cbbb2cd
                                                                                                          • Instruction Fuzzy Hash: 7921C4B6F02669ABDB10DA649C48FDE7BACDB00718F1502A1ED14E7640EA30DD44C6E0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 523 73f7688-73f76b9 526 73f76bb-73f76bd 523->526 527 73f7717-73f773c 523->527 528 73f7743-73f77b5 526->528 529 73f76c3-73f76c5 526->529 527->528 546 73f77f8-73f780b 528->546 547 73f77b7 528->547 576 73f76c7 call 73f7688 529->576 577 73f76c7 call 73f7780 529->577 532 73f76cd-73f7714 549 73f78cf-73f78d3 546->549 552 73f77c0-73f77cd 547->552 550 73f78de 549->550 551 73f78d5 549->551 553 73f78df 550->553 551->550 555 73f77d3-73f77e9 552->555 556 73f78b1-73f78c8 552->556 553->553 561 73f77eb-73f77f6 555->561 562 73f7810-73f78aa 555->562 556->549 561->546 561->547 562->556 576->532 577->532
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$(bq$4'^q
                                                                                                          • API String ID: 0-3890177232
                                                                                                          • Opcode ID: bd52120f81ae0daaa32e099163909dd2df5e25ff6dd7c2569cafcbdc7d4f9293
                                                                                                          • Instruction ID: f53670ed1fac19015c085de4d1677a3e446719efe7d2bce4b2452e84cffe833c
                                                                                                          • Opcode Fuzzy Hash: bd52120f81ae0daaa32e099163909dd2df5e25ff6dd7c2569cafcbdc7d4f9293
                                                                                                          • Instruction Fuzzy Hash: 8D41AD75B002058FDB05AB69D4586AEBBF6EFC8350F50852AD50AEB7A0DE309C45CBD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 604 6cb021e9-6cb02229 RegQueryValueExW 605 6cb0222b-6cb0222d 604->605 606 6cb0222f-6cb02231 604->606 607 6cb02262-6cb02268 605->607 608 6cb02233-6cb02245 606->608 609 6cb02247-6cb0224b 606->609 610 6cb02258-6cb0225d call 6cb01d18 608->610 609->607 611 6cb0224d-6cb02253 609->611 610->607 611->610
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(00000004,00000000,00000000,?,80000002,00020019,00000000,?,?,?,6CB0115B,?,Install,?,80000002,00000000), ref: 6CB0220D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 3660427363-955085611
                                                                                                          • Opcode ID: 4b073cf0a3162491a3f04550ba057a54d5fc239efe7650d9466d2885293ba4cc
                                                                                                          • Instruction ID: 788cb0f2c65b7cfdde41d51d36e3f05949f4b90952d52b73c272f3134bff8df2
                                                                                                          • Opcode Fuzzy Hash: 4b073cf0a3162491a3f04550ba057a54d5fc239efe7650d9466d2885293ba4cc
                                                                                                          • Instruction Fuzzy Hash: CC01DB71B46165FFEF148A958D0CBAF7EA8EF41674F104269FC04E7A10D2718D04D6D2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          • RegOpenKeyExW.KERNEL32(00020019,00000000,00000000,80000002,6CB01146,00000000,?,6CB01146,80000002,00000000,00020019,?,?,?,?,version), ref: 6CB021A0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2936503180.000000006CB01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                          • Associated: 00000001.00000002.2936467601.000000006CB00000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936570975.000000006CB16000.00000004.00000001.01000000.00000006.sdmp
                                                                                                          • Associated: 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_6cb00000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Open
                                                                                                          • String ID: regutil.cpp
                                                                                                          • API String ID: 71445658-955085611
                                                                                                          • Opcode ID: c07e95390790cd14d7fe80ccc919cbf1c94024d4e428d6de807296edf1cab818
                                                                                                          • Instruction ID: 39100134c3406ace895a4be2b2aa0e47238d4ec7c4349da6e58305170c94bc79
                                                                                                          • Opcode Fuzzy Hash: c07e95390790cd14d7fe80ccc919cbf1c94024d4e428d6de807296edf1cab818
                                                                                                          • Instruction Fuzzy Hash: 61F0EC32741175BBDF2459668C04B9B7DD6EF556B0F218524FE09DBA51D231CC10D3E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LR^q$P
                                                                                                          • API String ID: 0-1877556667
                                                                                                          • Opcode ID: 5c7606bfe37538b3f129548147890c9a25296a1853ca9b6c8ca60f290ef888f8
                                                                                                          • Instruction ID: 17a5cd15460bf437359da7067e3df0551546de5e30d22e50a138f46c6766086b
                                                                                                          • Opcode Fuzzy Hash: 5c7606bfe37538b3f129548147890c9a25296a1853ca9b6c8ca60f290ef888f8
                                                                                                          • Instruction Fuzzy Hash: 64916F70E002189FCB18DFA9D8946AEBBF5FF88310F14856AE419EB251D7349941CFA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LR^q$P
                                                                                                          • API String ID: 0-1877556667
                                                                                                          • Opcode ID: dd0527cb83e578eeefb9e4850549b3fee68b7ed612b1ede9ff3adfd1497d3dee
                                                                                                          • Instruction ID: aa5e5831b2fc26f9d2ef602af959d2fcf43184329449bd87e46dd7960edaf688
                                                                                                          • Opcode Fuzzy Hash: dd0527cb83e578eeefb9e4850549b3fee68b7ed612b1ede9ff3adfd1497d3dee
                                                                                                          • Instruction Fuzzy Hash: 4D21C175A052159FCF09CBA4DC44AFFBBB9FB89311F14445AE109EB260D734DA04CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0oAp$DqAp
                                                                                                          • API String ID: 0-3838729942
                                                                                                          • Opcode ID: 3a8920403dd2a02e2bbe9178ecf1229a3c0a534c09c269a50a9d33e7f28c8e54
                                                                                                          • Instruction ID: 301aae4f5e76b5eba962b3607009dd6530b94615738b8546cace6491da1991b5
                                                                                                          • Opcode Fuzzy Hash: 3a8920403dd2a02e2bbe9178ecf1229a3c0a534c09c269a50a9d33e7f28c8e54
                                                                                                          • Instruction Fuzzy Hash: E111E730710205DFD700DB68D8657ADBBF6FB88314F2044A9E105EB394DF759D458B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: f01e326608e8ab0c1dc1a23e7498bbcaa7c1b01a5d36639201f107b27c24829d
                                                                                                          • Instruction ID: 87650991a454fa9059b1ec96e9e7fe51162e5e82814bfa5c6171b62e11f5a3ea
                                                                                                          • Opcode Fuzzy Hash: f01e326608e8ab0c1dc1a23e7498bbcaa7c1b01a5d36639201f107b27c24829d
                                                                                                          • Instruction Fuzzy Hash: E8127D74D01218CFCB68DF64D959A9DBBB2FF49305F2084AAD50AA7350DB35AE82CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2924283742.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_4320000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttachConsole
                                                                                                          • String ID:
                                                                                                          • API String ID: 986699043-0
                                                                                                          • Opcode ID: bd0a5f35eec163e128a30e599ede845ca8c8230856be521018ba480f73e81a16
                                                                                                          • Instruction ID: e66afa3d5fd2d41799c4106747a886a6d8e2b95e53889a545245ec13665c070f
                                                                                                          • Opcode Fuzzy Hash: bd0a5f35eec163e128a30e599ede845ca8c8230856be521018ba480f73e81a16
                                                                                                          • Instruction Fuzzy Hash: 7131AD355003118FCB04DF64D985B9EBFF0EF85314F1485A9C5989B266CB78EA48CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: d042d558339461e1ae9f29b0412e73b1a9663587973cd15d7c1a6448f9f4c66b
                                                                                                          • Instruction ID: 3c21e3bf57693e8be67e7f70ada61d5dac0387cd5d4c2f2260163bf42b967d5f
                                                                                                          • Opcode Fuzzy Hash: d042d558339461e1ae9f29b0412e73b1a9663587973cd15d7c1a6448f9f4c66b
                                                                                                          • Instruction Fuzzy Hash: 2D028E74901228CFCB69DF64D959B9CBBB2FF49301F1084AAD50AA7750DB35AE82CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2924283742.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_4320000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttachConsole
                                                                                                          • String ID:
                                                                                                          • API String ID: 986699043-0
                                                                                                          • Opcode ID: a03322a2780b7e1e956a84fddda8d39285b68ec4c5feeadb4f32ce7eed59bfdf
                                                                                                          • Instruction ID: cc5692b9b4061774d549d00578f7ffa4136b93f9761bbfad1f1e8342f9775c99
                                                                                                          • Opcode Fuzzy Hash: a03322a2780b7e1e956a84fddda8d39285b68ec4c5feeadb4f32ce7eed59bfdf
                                                                                                          • Instruction Fuzzy Hash: 601134B5800209CFCB10CF9AC945BDEFBF4EF48324F20842AD568A3290D738A944CFA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2924283742.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_4320000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttachConsole
                                                                                                          • String ID:
                                                                                                          • API String ID: 986699043-0
                                                                                                          • Opcode ID: d3fa4c4032542ada60e9e260d18141efe7d5c22c2d37d7772cf64f0977c51abe
                                                                                                          • Instruction ID: 587e64b03e1bdaa73457485cf216f5bb372da572dbcc455d8b271aebba6951ea
                                                                                                          • Opcode Fuzzy Hash: d3fa4c4032542ada60e9e260d18141efe7d5c22c2d37d7772cf64f0977c51abe
                                                                                                          • Instruction Fuzzy Hash: 181179B5800219CFCB10DF9AC5447EEFBF4EF48320F20802AD918A7240D738A940CFA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PH^q
                                                                                                          • API String ID: 0-2549759414
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !
                                                                                                          • API String ID: 0-2657877971
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PH^q
                                                                                                          • API String ID: 0-2549759414
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Hbq
                                                                                                          • API String ID: 0-1245868
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: `Q^q
                                                                                                          • API String ID: 0-1948671464
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ;
                                                                                                          • API String ID: 0-64651642
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ;
                                                                                                          • API String ID: 0-64651642
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ;
                                                                                                          • API String ID: 0-64651642
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 060cb0e15cad9d2a88f39b24f5498023f065deeb5231ba81b111ce08aad319af
                                                                                                          • Instruction ID: b2f93bde250e26b63665c036426d9edba1e18dfe62732717556ae2b7664bf946
                                                                                                          • Opcode Fuzzy Hash: 060cb0e15cad9d2a88f39b24f5498023f065deeb5231ba81b111ce08aad319af
                                                                                                          • Instruction Fuzzy Hash: D1412B39310740CFC309DF28E09996ABBB6FB887157518599EC0687795CB39EC82CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9579cb3a5590ca20c162cade5dad2a2c41582d00c1cca55f46684a4322af0ec3
                                                                                                          • Instruction ID: 62fde78a64ebe7ca85cc1c66beb1b4ee121139bdf2990a022a02a1f0bad3bd63
                                                                                                          • Opcode Fuzzy Hash: 9579cb3a5590ca20c162cade5dad2a2c41582d00c1cca55f46684a4322af0ec3
                                                                                                          • Instruction Fuzzy Hash: 8C413379E00309CFDB15CFA8C548AAEB7F2BF89310F158059E909AB350DB75AC06CB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6b7cf8fc4316b324120fbe5beccb23b610e16346ff3e59d2e6a44c92b95e6321
                                                                                                          • Instruction ID: a111a83b816530269853d2de3e09741c9cb93afb4a3f772eddaa805039a06dd8
                                                                                                          • Opcode Fuzzy Hash: 6b7cf8fc4316b324120fbe5beccb23b610e16346ff3e59d2e6a44c92b95e6321
                                                                                                          • Instruction Fuzzy Hash: FC31E8B53006019FE7289775E9596AB77EAEFC4690B054839D15FCB780DF24DC468780
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 747bf69c5a1c1985173ee8e9c40c1afb96898c9574b907ed6c4a73aa397807e5
                                                                                                          • Instruction ID: 7f5d27916d8f5834ae39a7404c7db1ff171b7f54eb3e4a6638049c3c2a031c4e
                                                                                                          • Opcode Fuzzy Hash: 747bf69c5a1c1985173ee8e9c40c1afb96898c9574b907ed6c4a73aa397807e5
                                                                                                          • Instruction Fuzzy Hash: ED41D074E11208DFCB18DFA9D9859ADBBB6FF49714F20802AE409BB354DB359841CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 21bf4f84517fc83abd21c02898de38a2b72c69d5b580e51bebce7a5fcbf45f7d
                                                                                                          • Instruction ID: 3318caac9495ca69a3a8d2a4614cea29972816f6d614211716f6b791de941aff
                                                                                                          • Opcode Fuzzy Hash: 21bf4f84517fc83abd21c02898de38a2b72c69d5b580e51bebce7a5fcbf45f7d
                                                                                                          • Instruction Fuzzy Hash: 4E41DF74E11308DFCB08DFA8D9819ADBBB6FF49704F20802AE809AB354DB35A945CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 872dcb84c310ac40638174538830c02995cb9e99a7ea8b7a72a8a202a9969125
                                                                                                          • Instruction ID: 4d61e09e7242f43e376a5ab9cfd282373e4ab0324a72f6cef154ba2f3285d9ac
                                                                                                          • Opcode Fuzzy Hash: 872dcb84c310ac40638174538830c02995cb9e99a7ea8b7a72a8a202a9969125
                                                                                                          • Instruction Fuzzy Hash: 2031787480A3889FCB06DFB499145ADBFB1AF0B211F1441DAD444E72A2C7384A49CB62
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 733fb060a00d1d3fcf1a87ca5e34c4aeb45cec785034ff43ae4206e763db4813
                                                                                                          • Instruction ID: 3faa89aa14e4f2d23bebebdc2cf874564e61f27976283b21d19640331a760174
                                                                                                          • Opcode Fuzzy Hash: 733fb060a00d1d3fcf1a87ca5e34c4aeb45cec785034ff43ae4206e763db4813
                                                                                                          • Instruction Fuzzy Hash: EA31B231A006188FCF01EFA4D8545EEFBB5FF89344F12459AD946B3290EF369922CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3c135a99558eef2e529084f1ec0df083023b585c671be70d8068da9019ea6c9a
                                                                                                          • Instruction ID: e87c018449028c89c2050759686f43fc04a766656d9c8fe2daab810e56ee6a25
                                                                                                          • Opcode Fuzzy Hash: 3c135a99558eef2e529084f1ec0df083023b585c671be70d8068da9019ea6c9a
                                                                                                          • Instruction Fuzzy Hash: 3A3116B1D012089FCB14DF99D584ADEBBF9EF48324F20842AE819E7314C734A945CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cba4d60a3ed94efbe9147410795d2f4e574b0cd98cecf548bd5474a56beee82f
                                                                                                          • Instruction ID: 8462dacc396f0890eda2ea85c2839faa77df6ba48acaaad62309725af5c19704
                                                                                                          • Opcode Fuzzy Hash: cba4d60a3ed94efbe9147410795d2f4e574b0cd98cecf548bd5474a56beee82f
                                                                                                          • Instruction Fuzzy Hash: 0D314A74700314DFCB04EF68C854A6EBBEAEB88710F148469E909DB3A5CB35ED41CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 059d7d6f6fd797be4332c9e107477ae7b75cb9929a7ce51cb8b194df4f2f2812
                                                                                                          • Instruction ID: a2071c61af1f55ec50502e73cabd27a6bb7e9f8a895fcb9067dbabc68785f4b1
                                                                                                          • Opcode Fuzzy Hash: 059d7d6f6fd797be4332c9e107477ae7b75cb9929a7ce51cb8b194df4f2f2812
                                                                                                          • Instruction Fuzzy Hash: 3331A031A006188FCF01EFA4C8545EEFBB5FF89314F02459AD94AB7250EF369922CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ade111b04b8ce11da4e26f4abb6704b773a04810c091a98744c271ddebc24616
                                                                                                          • Instruction ID: 350dfd473166ee6e6d0ab0246069e4f4624b02e9002881c72f652e9c86196a9b
                                                                                                          • Opcode Fuzzy Hash: ade111b04b8ce11da4e26f4abb6704b773a04810c091a98744c271ddebc24616
                                                                                                          • Instruction Fuzzy Hash: 2421753A3507158BC70AE714EA9586EBB6BEBC4F14F108654E4098F744DF39AD0B87C6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c39d8efe06010d9ef26e1a460f7ab2115555723a19776eb41310fde7f5c5dee2
                                                                                                          • Instruction ID: f2531874e79c8e1baddcf79c62775dd6bfb9a176d7bc2a0a9070aeafec49fc10
                                                                                                          • Opcode Fuzzy Hash: c39d8efe06010d9ef26e1a460f7ab2115555723a19776eb41310fde7f5c5dee2
                                                                                                          • Instruction Fuzzy Hash: CB3116B5D01258DFCB14CFA9D984BDEFBB4BF48320F20806AE409B7240C775A945CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ff65bdae169e9c1f6d7540144c58ede2b692bb23bcdbce978b7ad1c1876b9a77
                                                                                                          • Instruction ID: a2442fdf097c31cd6c169d2794ba1d1bddd0fe9deb10884cdc6088dadab68070
                                                                                                          • Opcode Fuzzy Hash: ff65bdae169e9c1f6d7540144c58ede2b692bb23bcdbce978b7ad1c1876b9a77
                                                                                                          • Instruction Fuzzy Hash: EF3133B1C01248DFCB14CFA9C594ADEBFF5AF48314F24802AE419EB351CB74A945CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1e06f555e25406b485f6b32729c2fcacfce93df8c237b032e00253264e4ac20f
                                                                                                          • Instruction ID: ec70a2f3c2874b73e02c2e881308813634874de7e379e3174935dd4466a0cb91
                                                                                                          • Opcode Fuzzy Hash: 1e06f555e25406b485f6b32729c2fcacfce93df8c237b032e00253264e4ac20f
                                                                                                          • Instruction Fuzzy Hash: 3E21D1B5B00209DBDB18DB74E0686AE77FAAB8C340F14842DE51AE7340CF349C418BA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2922302538.000000000309D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0309D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_309d000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2922302538.000000000309D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0309D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_309d000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 85cec49824da31b41ffbef099c55e069c7ddff4a5d9fe89b440279fdde1c0a65
                                                                                                          • Instruction ID: 250a119a52ef3e7493ef4e77d321e21af457466ea8b862d4ee424ce3488db39f
                                                                                                          • Opcode Fuzzy Hash: 85cec49824da31b41ffbef099c55e069c7ddff4a5d9fe89b440279fdde1c0a65
                                                                                                          • Instruction Fuzzy Hash: 4611EC70A102089FCB44DFA9D845AAEBBF9FF8C720F14416AE404EB350D731A941CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a8432569f5ce12c25312e298454807bc0a605cc67fbf3017727a0b3d599a21d2
                                                                                                          • Instruction ID: ececb77968f68693189313f77dec1fe2a1acce551581d88137e7836b712d820e
                                                                                                          • Opcode Fuzzy Hash: a8432569f5ce12c25312e298454807bc0a605cc67fbf3017727a0b3d599a21d2
                                                                                                          • Instruction Fuzzy Hash: B311A171604244AFD311CF25D844BAABBE5EF88324F05849AE808CB292D730E945CB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: efe25c23c44571399cd8280268e06d37fe3c2ea7b4d3974e1ed7d5c90f707594
                                                                                                          • Instruction ID: 4f95c6a75d2cdf0ab00fa250d63dbd92bf6d0acc3ba8fb075ce81d3a8917e68e
                                                                                                          • Opcode Fuzzy Hash: efe25c23c44571399cd8280268e06d37fe3c2ea7b4d3974e1ed7d5c90f707594
                                                                                                          • Instruction Fuzzy Hash: B911CB34D05349AFCB02DFA8D8057FDBBB0BF46324F1091E6D890AB292DB705A40CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2b35595e0e72e7b7da2b6edd8c6c2cf5e9fc863cdcd5c6ffbcb5b97ba9c73394
                                                                                                          • Instruction ID: 9956c784ed2fe8cfb2806df51c46a689899d6d1d6e214449bd7dfdb13cbe5892
                                                                                                          • Opcode Fuzzy Hash: 2b35595e0e72e7b7da2b6edd8c6c2cf5e9fc863cdcd5c6ffbcb5b97ba9c73394
                                                                                                          • Instruction Fuzzy Hash: 361104B0B042489FDB15CB69C404BAEBFFAAF88350F184069D505E7391DB759D45CFA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b8e94dc6dec3771a55157e3bf4272c2f2c3d7b495b328fb7a5e186dee8f36707
                                                                                                          • Instruction ID: 3b27be429a1b7a76c651202e09369c0e23ddc7a3a0738fb4e02dee559b11ea54
                                                                                                          • Opcode Fuzzy Hash: b8e94dc6dec3771a55157e3bf4272c2f2c3d7b495b328fb7a5e186dee8f36707
                                                                                                          • Instruction Fuzzy Hash: 5F11A974D04249AFDB11DFA8D40ABFEBBB0BB45310F1081EAD854A7682EB749A40CB51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 64914aaa00b3f9de2bea2110ff65385ddbfb261012a519a3dd1bff486198afa9
                                                                                                          • Instruction ID: cb696a1f950bf9c4856f76ee07a86762cacac65bda89541eb82f5b6b0ed8dd98
                                                                                                          • Opcode Fuzzy Hash: 64914aaa00b3f9de2bea2110ff65385ddbfb261012a519a3dd1bff486198afa9
                                                                                                          • Instruction Fuzzy Hash: 83112338A00318CFCB24DB68D549A98BBF2FB49325F1180A9E40D9B351C73AEC45CF40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a99e00eba50a7afbb0fa5a0c1f42c9272b01824edcbc4156bf53ac5f278dbccd
                                                                                                          • Instruction ID: f8e3830d537dcf0988394337a097d2159b25726d3c32fbe142332f3496aff91f
                                                                                                          • Opcode Fuzzy Hash: a99e00eba50a7afbb0fa5a0c1f42c9272b01824edcbc4156bf53ac5f278dbccd
                                                                                                          • Instruction Fuzzy Hash: B2016DB06142449FD365CF19D844FAABBF5EB84324F05849AE849CB392D771E945CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0b68e09077c1129fe5d46b777cb841b378dd18570af2507b244d14fe44d5393d
                                                                                                          • Instruction ID: 1df0499dd284f296b4a4e66b04056d2e532d5f4752a55b046a29bfb8455829c5
                                                                                                          • Opcode Fuzzy Hash: 0b68e09077c1129fe5d46b777cb841b378dd18570af2507b244d14fe44d5393d
                                                                                                          • Instruction Fuzzy Hash: D60140312552409FD351DB24E841F92FBB5AB85724F548296ED488F6D2C7B1FC81CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2922302538.000000000309D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0309D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_309d000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6779717c6522b312fd879f69075684e63d00401cf5cc884b2524bd67bd74fbe1
                                                                                                          • Instruction ID: b73e9af88fd73d7f59f106cadc2ce56f099820b69b155535771e520bc7a30353
                                                                                                          • Opcode Fuzzy Hash: 6779717c6522b312fd879f69075684e63d00401cf5cc884b2524bd67bd74fbe1
                                                                                                          • Instruction Fuzzy Hash: 4A01F27044A3009AFB10CA29CD84B6BFFD8EF81324F0CC96BED080B286C279D841D6B1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bd0957e189ab816e8697537ba250789296b0441e1e31012194bab9927fb1f3c3
                                                                                                          • Instruction ID: 55de564b8497ba89a627cefca38278162bf7cb4d238214f9a4d7fb801aea9c14
                                                                                                          • Opcode Fuzzy Hash: bd0957e189ab816e8697537ba250789296b0441e1e31012194bab9927fb1f3c3
                                                                                                          • Instruction Fuzzy Hash: E701A970D00258EFCB04DFA8D446BBEBBB4AF44310F0085A9D414A7242E7749A40CF40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 412d2bc0b6f6645f3492f81d9ecd7a238c77c168edb38169235c2648407c93bb
                                                                                                          • Instruction ID: a9df7614c549368f663cf0ed10ae92f9d00f8f2da1665809ec41abce3153c127
                                                                                                          • Opcode Fuzzy Hash: 412d2bc0b6f6645f3492f81d9ecd7a238c77c168edb38169235c2648407c93bb
                                                                                                          • Instruction Fuzzy Hash: 9C118BB4D01249EFDB45DFA8D4067FDBBB0BB45310F1085E9D414A7241EB74AA40CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5d9a0242466485257a0208ccdad7ec914366a79390517c18d8562e3afd3d7f72
                                                                                                          • Instruction ID: 69f2328a3f54148038d760e3688662796ebffec48f93b318369d5b6f727659bf
                                                                                                          • Opcode Fuzzy Hash: 5d9a0242466485257a0208ccdad7ec914366a79390517c18d8562e3afd3d7f72
                                                                                                          • Instruction Fuzzy Hash: 43016574A01209EFCB05DBA4DA44AEEBBB0FB85300F1081FAD804A7365DB345E49DF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 112c89747f0be158ff9ab71695dedd88fa541261ad053da21182d6c1e2d96ff3
                                                                                                          • Instruction ID: c05f879e79ceee902fdf1b4c231db8c579d53437721dfa5e27aaf034a271d375
                                                                                                          • Opcode Fuzzy Hash: 112c89747f0be158ff9ab71695dedd88fa541261ad053da21182d6c1e2d96ff3
                                                                                                          • Instruction Fuzzy Hash: 680153B4D01219DFDB04DFA9D449BBEBBF0AB49310F1085EAE854A7282DB74AA40CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bbc8c21e4fc7a5d38efb76699e9e3b82f647a8e91509bf5108fb5f4b1fc1f381
                                                                                                          • Instruction ID: 288d32deb16b4aa4916492e5ea31a90d432f9a10e24af233ad65f6a2ada7e944
                                                                                                          • Opcode Fuzzy Hash: bbc8c21e4fc7a5d38efb76699e9e3b82f647a8e91509bf5108fb5f4b1fc1f381
                                                                                                          • Instruction Fuzzy Hash: F7115B74D00259DFDB04DFA9D806BBDBBB0BF45314F0085E9D854A7242EB745A44CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a473736cae50adaad77e3ca2252e222ccd96f58c5fe58898f8d9f96b0e0dd847
                                                                                                          • Instruction ID: 6535338b85ae5b243cd85ec0c1658eded87f297b5eae890ed142732b509a0547
                                                                                                          • Opcode Fuzzy Hash: a473736cae50adaad77e3ca2252e222ccd96f58c5fe58898f8d9f96b0e0dd847
                                                                                                          • Instruction Fuzzy Hash: 64018F39214300DFC7519B74E985959FF7AEB8A324B61809AFA48DB351CE31EC45CF61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2922302538.000000000309D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0309D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_309d000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5148c62d42b657cc3d8e1f4e50d0ea143f54aa4fe443089f98b26c8c635094c6
                                                                                                          • Instruction ID: d9780b25d68f3ab7d9edb6b8d4f20c3ecaafc8e35591499e6f73b39071c6195c
                                                                                                          • Opcode Fuzzy Hash: 5148c62d42b657cc3d8e1f4e50d0ea143f54aa4fe443089f98b26c8c635094c6
                                                                                                          • Instruction Fuzzy Hash: 56F01771D1021AAFCB54EFA9C955AAFBBF5BF88314F104029D409E7350EB74AA41CBE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 324a0105e12ac8f1e1c43f401c236dc41b8437b52752716f1d83d06e4ec5f0d7
                                                                                                          • Instruction ID: 2606049f013bef4b0db2114b5764da2fadf5e444d97a95b51efc2d0f02176bc1
                                                                                                          • Opcode Fuzzy Hash: 324a0105e12ac8f1e1c43f401c236dc41b8437b52752716f1d83d06e4ec5f0d7
                                                                                                          • Instruction Fuzzy Hash: 6BE0923131421087CA286739A45967E77EEDBC9669B16046EE207C3380DF65EC07C6E6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ac06ae14bb057e17738a70c2fecaf89bd21c8d72ba01e66ee1029fd0cbef3fb7
                                                                                                          • Instruction ID: 21ded85e6d6c469f223c878cbad799d2f34ef8d30f1cd191d1fb92b59f6d4326
                                                                                                          • Opcode Fuzzy Hash: ac06ae14bb057e17738a70c2fecaf89bd21c8d72ba01e66ee1029fd0cbef3fb7
                                                                                                          • Instruction Fuzzy Hash: 63F0F974E00109EFCB44EFA8E545AADFBB1EF85300F1092A5D804A7750DB305E44DF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3b53db3c85c6c70f31782113e160e178b13aa2541bfd51479e675186ee84ab9d
                                                                                                          • Instruction ID: 5f8d5c44c658fc1bbe9f07e9f21ec3f45e688cc97e8cd7fd727ea62cb2da2a34
                                                                                                          • Opcode Fuzzy Hash: 3b53db3c85c6c70f31782113e160e178b13aa2541bfd51479e675186ee84ab9d
                                                                                                          • Instruction Fuzzy Hash: F6F01734908249EFC715DFB8A0587ECBFB5AB06214F0080EAD85497242E6349A94DB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: feb90b29e4979eecc8670457a33fd56a87b6479e67a18d501239b10a18ecaf6b
                                                                                                          • Instruction ID: 6cd34e19835869aee821ac5fbe14ad01cf992b41bf9e890bb1c2d2d8fc62948c
                                                                                                          • Opcode Fuzzy Hash: feb90b29e4979eecc8670457a33fd56a87b6479e67a18d501239b10a18ecaf6b
                                                                                                          • Instruction Fuzzy Hash: 1DF0A03090A3D08ED706DF78EA666AC7F30AF43214F0510DBD080AB1A2EA388D44C7A9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fad85ebecd6d3c0934b63e48f3dd0d4efd1234a689dec66c99209e5a08009b76
                                                                                                          • Instruction ID: adb3da880b0aaa8305afa3b51bdfef48ad61519e8b5c6d2e2d4a9a4d35062a90
                                                                                                          • Opcode Fuzzy Hash: fad85ebecd6d3c0934b63e48f3dd0d4efd1234a689dec66c99209e5a08009b76
                                                                                                          • Instruction Fuzzy Hash: 64F06530545349DFCB16DBB4E956AADBB74EF02210F0052EAE00867652DB346E84DBD2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e2c016d2f694165fcb6460ba92f89d488ea35bba6d880fdd4cdfcc020161a21b
                                                                                                          • Instruction ID: d97edfb2ed4c3951d03b5bcb077999da600b301d2114bd89ba99434453737378
                                                                                                          • Opcode Fuzzy Hash: e2c016d2f694165fcb6460ba92f89d488ea35bba6d880fdd4cdfcc020161a21b
                                                                                                          • Instruction Fuzzy Hash: 8EE0D1373001047BCB155B55E494D6D7B66FFC9275B10402BE9098B700CA315C53D791
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8176386be08c7f60fae04210a61bb2384618b2c8c832a7e435c500f52c591845
                                                                                                          • Instruction ID: 7b1d3fad4befe8c014af6ec56c7ccfa19caf24e4bbadd8d46c5480573f4e82e0
                                                                                                          • Opcode Fuzzy Hash: 8176386be08c7f60fae04210a61bb2384618b2c8c832a7e435c500f52c591845
                                                                                                          • Instruction Fuzzy Hash: C8F0E5351053405FC312CB18E845F91BBF4AB05730F1980C7E8488B6A3C760FC44CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: aaa2a1fbb94811a705b371785306b21866970aed96f79281c6e142fc6fcfbda8
                                                                                                          • Instruction ID: f37eb6ee29269be4c8d9b7d82d8709bd675b0f7c7c2f991222549069e91752b2
                                                                                                          • Opcode Fuzzy Hash: aaa2a1fbb94811a705b371785306b21866970aed96f79281c6e142fc6fcfbda8
                                                                                                          • Instruction Fuzzy Hash: 47F015352502009FC315DB18E489E96BBE9AB48B24F19858AE9098B7A2C7B1FC40CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dce66f97bf00bdbe008e240440b961c96c2575ece53ca6536cfc52963d357bc3
                                                                                                          • Instruction ID: f5577cb3d66ea8aed0b5a272828d7be15e507998d174d377ed88624900f4b511
                                                                                                          • Opcode Fuzzy Hash: dce66f97bf00bdbe008e240440b961c96c2575ece53ca6536cfc52963d357bc3
                                                                                                          • Instruction Fuzzy Hash: 61E092322247409FD308DB64EDC5F6277EAEB84724F54C489E94A87A92CB74BD50CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d1e04d1fcdffe530ad956ddbdcf3a66bd15c01cee6602d61c7a564b3c89d9e8f
                                                                                                          • Instruction ID: 531188aa2629c897665ecd4eff43d60753d3c350b7df281dc388df5a2304bd1f
                                                                                                          • Opcode Fuzzy Hash: d1e04d1fcdffe530ad956ddbdcf3a66bd15c01cee6602d61c7a564b3c89d9e8f
                                                                                                          • Instruction Fuzzy Hash: 7CE092343143408FC7089B74D855A697773BF85B08F1004E8E54E8F7E2EA22EC52C792
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 41e31a09b6a510cc6ee453958a88dd5c98b340c3c40ca3aba8a1b7c77e7cdeb3
                                                                                                          • Instruction ID: 11d41180aa364cfbd36aec68ce4e56b7e0784059c7321495be2e6bff5cdd0db3
                                                                                                          • Opcode Fuzzy Hash: 41e31a09b6a510cc6ee453958a88dd5c98b340c3c40ca3aba8a1b7c77e7cdeb3
                                                                                                          • Instruction Fuzzy Hash: 07F01274C4030EDFDB10DFA5C8956AEBBF5BB08320F108669D621E2284D77495808FD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 08993cb3e985ca50cd1d73af743046d61a9b7f5bccbc67bc405f94ce7633c7bf
                                                                                                          • Instruction ID: 75ff798bc3e0f9ca7f60927e681d3b804608db839412716aece1c811f72e1f79
                                                                                                          • Opcode Fuzzy Hash: 08993cb3e985ca50cd1d73af743046d61a9b7f5bccbc67bc405f94ce7633c7bf
                                                                                                          • Instruction Fuzzy Hash: 84E01A763006109F8314DA5EE984C8BBBE9EFCD660311857AE55ECB720DA31EC44CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6f7ab775525d8b11927d751b93fa1c949ae07549524fa112accd4ff62a868451
                                                                                                          • Instruction ID: eeac6ce565b777c1d499ceb87be9f4190a535876b0c74a7918af5292709d8278
                                                                                                          • Opcode Fuzzy Hash: 6f7ab775525d8b11927d751b93fa1c949ae07549524fa112accd4ff62a868451
                                                                                                          • Instruction Fuzzy Hash: 19E0DF30905388DBC714DBB4E906BE8BB34EB02515F20109ED40423A10CA351940D7D6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 776375b6d5b3bc6c2b130965da88fefab5d57b43c738cf6287d6cb7043f0697b
                                                                                                          • Instruction ID: c53818aa438ad27eacadb9ef9846b4a3a4da67bba1c94316515472609666f0bb
                                                                                                          • Opcode Fuzzy Hash: 776375b6d5b3bc6c2b130965da88fefab5d57b43c738cf6287d6cb7043f0697b
                                                                                                          • Instruction Fuzzy Hash: E4E04F72C0D3A8AFCB039BB89C154AEBF7C9E07610B4680D7D440EB153C2745A15C7E2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e39492e8f8e6d22160bb5ed6ce22a695f049a981c60359d2294e96f000f1dd5c
                                                                                                          • Instruction ID: f82c1ec7dae9b28f4dc1877b7d812cf9713a59bd77a9832e9eaf512ca0f44c5f
                                                                                                          • Opcode Fuzzy Hash: e39492e8f8e6d22160bb5ed6ce22a695f049a981c60359d2294e96f000f1dd5c
                                                                                                          • Instruction Fuzzy Hash: 67E01A31102300CBC72A9B38D054516B3A6EF45BAD7515C7DE0478BAA1EF37F881CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b49b2dcb217152eab385c6723f0895075f2bd60fc57a1de2ac016cc32fd6edc6
                                                                                                          • Instruction ID: 1eaaf25b9af75410fa7e3f03f044f2e6f7e5cc1443aa73d89f773d1a07baed4b
                                                                                                          • Opcode Fuzzy Hash: b49b2dcb217152eab385c6723f0895075f2bd60fc57a1de2ac016cc32fd6edc6
                                                                                                          • Instruction Fuzzy Hash: EBE0D834905148EFC714CB70E916BA9FB34AF02110F0411DDD40823601DB356A50C7D5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9b03f4557d58d31496fcdb8979d6a8d714a86f11758c418578819fda8b60bb5e
                                                                                                          • Instruction ID: e06baec0f4d0ba7639b9de713dd77478695de385060d8d17786af719aa69ca9a
                                                                                                          • Opcode Fuzzy Hash: 9b03f4557d58d31496fcdb8979d6a8d714a86f11758c418578819fda8b60bb5e
                                                                                                          • Instruction Fuzzy Hash: 22E0863190D248DFD719CBB5ED16AAE7B34EB43221F0410EED049A7251DA785D40CBA6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1ab8cb282fc8de148bc6bb809d74083e5e06888b3bda43ee91c4db1205863d5f
                                                                                                          • Instruction ID: be930d1abb0c6c3a4ab3686dcc63beeeeea62627bf825899f7f7a1fcb5a85012
                                                                                                          • Opcode Fuzzy Hash: 1ab8cb282fc8de148bc6bb809d74083e5e06888b3bda43ee91c4db1205863d5f
                                                                                                          • Instruction Fuzzy Hash: 4DF0AE74D05209EFCB55EFA8E1497ADBBF8AB09215F1080E9E858A7380E6789A44DF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f4b735383f9f78c9b7476296fa3b69b4ea5171032ce1ea60b5525edfca0c9729
                                                                                                          • Instruction ID: e5f1ff41b38a137af8c7cfd2000894e6d73f86fa6b6feee6bb34366c10563316
                                                                                                          • Opcode Fuzzy Hash: f4b735383f9f78c9b7476296fa3b69b4ea5171032ce1ea60b5525edfca0c9729
                                                                                                          • Instruction Fuzzy Hash: A4F03070C4020EDFDB10DFA5C8456AEBEF9BB04320F108665D521E2284D73481808FE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 48decbdb6be4430206e2f2bcffd9abda318d8d624536f6267b9858244b353217
                                                                                                          • Instruction ID: dedb390f6d52cd8ea2b3da7e23823a6079e2273d141889605736980c10590fc0
                                                                                                          • Opcode Fuzzy Hash: 48decbdb6be4430206e2f2bcffd9abda318d8d624536f6267b9858244b353217
                                                                                                          • Instruction Fuzzy Hash: 2CE08C30811108DBCB28CFA4E9A6BBDB378EB06621F10109DE00623650DB395A54CF97
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a2f4cd0f805ae0b55b1ce8f3d79eb29590450f96cf4030dc448c85c87c7e171c
                                                                                                          • Instruction ID: d18afe593044ce22fe0daff18ba48b1eab8285447361323abbed4f0a782df8c7
                                                                                                          • Opcode Fuzzy Hash: a2f4cd0f805ae0b55b1ce8f3d79eb29590450f96cf4030dc448c85c87c7e171c
                                                                                                          • Instruction Fuzzy Hash: 52E04F30A01209DFCB14DFA4E556AAEF774EB42315F1061E8E40867310DB30AE44DBC5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2084d0eeefbc91bc6958c0bb7f14cd7940df1ad99a9124c5d56c0781429496b7
                                                                                                          • Instruction ID: 7be728cdde3dc680ed6c28e6425fe1a5117b85cbd5b6fa7534deda8b3a421a38
                                                                                                          • Opcode Fuzzy Hash: 2084d0eeefbc91bc6958c0bb7f14cd7940df1ad99a9124c5d56c0781429496b7
                                                                                                          • Instruction Fuzzy Hash: 19E04F34900245DFD754DFA4D95ABBDB778EB06212F0060E8E909A7210DB345D41DF65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 625325dff983b16c530ee95622808e8f6c1e4e412d3308f3f2de96c28f6effcb
                                                                                                          • Instruction ID: 69efa5f6e899486514045d49624595387cbdb7f0e654f587cda3f4a432061c1e
                                                                                                          • Opcode Fuzzy Hash: 625325dff983b16c530ee95622808e8f6c1e4e412d3308f3f2de96c28f6effcb
                                                                                                          • Instruction Fuzzy Hash: C4E026312243409FD304DB24E884F62BBDBAB80724F58C089F8498B692CB70FC40CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 94ced5d80d6994381523d61b2e4e58a5f6c23bd9030637b05000630e3230c412
                                                                                                          • Instruction ID: 988e45f5391982beface0b0a1cfb27f62a09c92626658d46b76c99ae5b945a8f
                                                                                                          • Opcode Fuzzy Hash: 94ced5d80d6994381523d61b2e4e58a5f6c23bd9030637b05000630e3230c412
                                                                                                          • Instruction Fuzzy Hash: E5E0BF703503455FC708DB74D856A2977A6AB84B08F104498E5098F7A1DE62EC52C791
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 97e8df1f2096c630c47b89fe5c4ff6b3c6698ad168c4bcc5be57f971153f2926
                                                                                                          • Instruction ID: 5a81c9a6a55daf5623047810139843c7f6fc86bb26fc90bcd6201fda0abf697b
                                                                                                          • Opcode Fuzzy Hash: 97e8df1f2096c630c47b89fe5c4ff6b3c6698ad168c4bcc5be57f971153f2926
                                                                                                          • Instruction Fuzzy Hash: FBD01770901208EFCB19DFA4EA5BA6DB738EB02615F1051D8E50563250EB356E00DB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f8ec9c11c4d984b2b0822fddd38553764867ae44bce0acc1bebf2963101c0f4e
                                                                                                          • Instruction ID: 9d4edd5f4640879afc41b8f600b069856d5dfac51aefdcca382f50f7efb1e3dd
                                                                                                          • Opcode Fuzzy Hash: f8ec9c11c4d984b2b0822fddd38553764867ae44bce0acc1bebf2963101c0f4e
                                                                                                          • Instruction Fuzzy Hash: A0E0B631101700CBC72A9B38D054416B3A6AF45A6D3910C6DE0478FA91EF37F881CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 31f6c140a6e4ce822dc72261720bdafc1a2ba16294394d2b35cbeadf33b53d8f
                                                                                                          • Instruction ID: 55cd6fc2c0b7dfd704c53746ebd6a1a143b45f0f335aad625cd2d842062a9dac
                                                                                                          • Opcode Fuzzy Hash: 31f6c140a6e4ce822dc72261720bdafc1a2ba16294394d2b35cbeadf33b53d8f
                                                                                                          • Instruction Fuzzy Hash: BDD05E70901208DBCB15DFA4E91BA6DB738EB02615F0011D8E50473250EB345E00DB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dd9b2bb8248cf3468eed014c5bc6e2cf6085a2852b2b688b51e060bcf26e7d31
                                                                                                          • Instruction ID: f9136a203003c36ff0026b6d71e5f430940dc5baf68829116a9966614bb8be6a
                                                                                                          • Opcode Fuzzy Hash: dd9b2bb8248cf3468eed014c5bc6e2cf6085a2852b2b688b51e060bcf26e7d31
                                                                                                          • Instruction Fuzzy Hash: EFE0723910A2D02FC30AC720A12969C3FF15F92320F2A84CFC1C08F243CA212D8BC3A9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2928903780.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_73f0000_as-installer-7.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 25666b962263aa954f589cf2e61cafd76de1680abdcfb3de90aa6c147d773849
                                                                                                          • Instruction ID: 87f1c5cc77281ffe2158d6c32703e4957895957e1710c6ccfe7155e0bfb8a748
                                                                                                          • Opcode Fuzzy Hash: 25666b962263aa954f589cf2e61cafd76de1680abdcfb3de90aa6c147d773849
                                                                                                          • Instruction Fuzzy Hash: 9FC04C3BE00009CBCF01DA94F8454DDF374EB98226B20C163D6256220097312929CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000001.00000002.2935372282.000000000D860000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D860000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_1_2_d860000_as-installer-7.jbxd
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%