Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 27, 2021, 2:21 p.m.	Oct. 27, 2021, 2:23 p.m.

Size	12.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`9f869aecfc2c65dc3a0c170ebcd4d429`
SHA256	`4f3ab21915ecedde2ddde10abeab7969f31ef640fff698bad0973649b5dce1a1`
CRC32	`5F83C7A3`
ssdeep	`196608:plLjrWYmNp6Upyji3J7/kRXK6LY9LEfIG7jiYlxgA01BwQX17SY8S3F:plzTg6Hi3eRXprf/ji0xgAuvF7NF`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

GOMAUDIOKORSETUP_NEW.EXE "C:\Users\test22\AppData\Local\Temp\GOMAUDIOKORSETUP_NEW.EXE"
2532
- KillGom.exe "C:\Program Files (x86)\GOM\GOMAudio\KillGom.exe" popup.EXE
  1572
- regsvr32.exe "regsvr32" /s "C:\Program Files (x86)\GOM\GOMAudio\MiniBand.dll"
  2744
  - regsvr32.exe /s "C:\Program Files (x86)\GOM\GOMAudio\MiniBand.dll"
    832
- regsvr32.exe "regsvr32" /s "C:\Program Files (x86)\Common Files\GOM & Company\VSUtil.dll"
  1192
- Goma.exe "C:\Program Files (x86)\GOM\GOMAudio\GOMA.exe" /regassoc
  2572
- Goma.exe "C:\Program Files (x86)\GOM\GOMAudio\GOMA.exe" /regassocdef
  2260
- nsb9EA1.tmp C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\nsb9EA1.tmp /silent
  1488
  - avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.bf47894bd73193d0\avast_free_antivirus_setup_online_x64.exe" /silent /cookie:mmm_gom_ppi_003_434_m /ga_clientid:905df8e6-a617-4af7-9057-633a8b368fbc /edat_dir:C:\Windows\Temp\asw.bf47894bd73193d0
    3032
    - Instup.exe "C:\Windows\Temp\asw.60b8d26201f36095\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.60b8d26201f36095 /edition:1 /prod:ais /guid:f67aa09e-bd89-4ed5-8e92-1707c1a27e97 /ga_clientid:905df8e6-a617-4af7-9057-633a8b368fbc /silent /cookie:mmm_gom_ppi_003_434_m /ga_clientid:905df8e6-a617-4af7-9057-633a8b368fbc /edat_dir:C:\Windows\Temp\asw.bf47894bd73193d0
      812
      - instup.exe "C:\Windows\Temp\asw.60b8d26201f36095\New_15020997\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.60b8d26201f36095 /edition:1 /prod:ais /guid:f67aa09e-bd89-4ed5-8e92-1707c1a27e97 /ga_clientid:905df8e6-a617-4af7-9057-633a8b368fbc /silent /cookie:mmm_gom_ppi_003_434_m /edat_dir:C:\Windows\Temp\asw.bf47894bd73193d0 /online_installer
        2040
explorer.exe C:\Windows\Explorer.EXE
1264
explorer.exe explorer.exe
1708
dotnetfx.exe C:\Users\test22\AppData\Local\Temp\dotnetfx.exe /q /c:"install /q"
2676
SetupUtility.exe SetupUtility.exe /aupause
880
SetupUtility.exe SetupUtility.exe /screboot
1144

Name	Response	Post-Analysis Lookup
shepherd.ff.avast.com	CNAME shepherd.ns1.ff.avast.com	69.94.69.113
s-vps18tiny.avcdn.net	CNAME fallbackupdates.avcdn.net.edgekey.net CNAME e9229.dscd.akamaiedge.net AAAA 2600:1410:4000:18f::240d AAAA 2600:1410:4000:1a6::240d	23.40.45.32
cdn2.gomlab.com	A 14.0.114.117 CNAME cdn2.gomlab.com.cdnga.net A 14.0.114.116	14.0.114.116
l4691727.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.75 A 23.43.165.50	23.43.165.50
c3978047.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a532 AAAA 2600:1410:1000::172b:a54b	23.43.165.50
bits.avcdn.net	CNAME e9229.dscd.akamaiedge.net CNAME bits.avcdn.net.edgekey.net A 23.53.224.176	23.40.45.32
m0658849.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.75 A 23.43.165.50	23.43.165.75
r0965026.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net AAAA 2600:1410:1000::172b:a50a AAAA 2600:1410:1000::172b:a53b	23.43.165.59
h4444966.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a54b AAAA 2600:1410:1000::172b:a532	23.43.165.75
ana.gomtv.com	A 183.110.10.189	183.110.10.189
r3802239.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a54b AAAA 2600:1410:1000::172b:a532	23.43.165.50
s-iavs9x.avcdn.net	CNAME fallbackupdates.avcdn.net.edgekey.net CNAME e9229.dscd.akamaiedge.net AAAA 2600:1410:4000:1a6::240d AAAA 2600:1410:4000:18f::240d	23.40.45.32
g1928587.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net A 23.43.165.59 A 23.43.165.10	23.43.165.59
r4427608.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net A 23.43.165.10 A 23.43.165.59	23.43.165.59
www.google-analytics.com	CNAME www-google-analytics.l.google.com A 142.250.199.78	172.217.31.142
h4444966.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net AAAA 2600:1410:1000::172b:a50a AAAA 2600:1410:1000::172b:a53b	23.43.165.59
z4055813.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a54b AAAA 2600:1410:1000::172b:a532	23.43.165.50
y8002308.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a54b AAAA 2600:1410:1000::172b:a532	23.43.165.50
n4291289.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net A 23.43.165.10 A 23.43.165.59	23.43.165.59
h4444966.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.50 A 23.43.165.75	23.43.165.75
r4427608.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net AAAA 2600:1410:1000::172b:a50a AAAA 2600:1410:1000::172b:a53b	23.43.165.59
p9854759.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.50 A 23.43.165.75	23.43.165.50
download.visualstudio.microsoft.com	CNAME cs10.wpc.v0cdn.net CNAME 4316b.wpc.azureedge.net CNAME 2-01-5830-0005.cdx.cedexis.net A 192.229.232.200	192.229.232.200
s-vps18tiny.avcdn.net	CNAME fallbackupdates.avcdn.net.edgekey.net CNAME e9229.dscd.akamaiedge.net A 23.40.45.32	23.40.45.32
r6726306.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a532 AAAA 2600:1410:1000::172b:a54b	23.43.165.50
ncube.gomtv.com	A 183.110.10.192	183.110.10.192
iavs9x.u.avast.com	A 96.7.251.218 CNAME a117.dscd.akamai.net CNAME iavs9x4.u.avcdn.net.edgesuite.net A 96.7.251.224	23.43.165.50
estat-thirdparty.zum.com	A 112.175.191.56	112.175.191.56
playinfo.gomlab.com	A 99.84.224.119 CNAME d1ymuusydhd2tm.cloudfront.net A 99.84.224.136 A 99.84.224.161 A 99.84.224.155	13.224.42.10
cdn.gomlab.com	CNAME cdn.gomlab.com.cdnga.net A 14.0.114.117 A 14.0.114.116	14.0.114.117
l7814800.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a54b AAAA 2600:1410:1000::172b:a532	23.43.165.75
shepherd.ff.avast.com	A 5.62.25.43 CNAME shepherd.ns1.ff.avast.com A 77.234.46.23 A 77.234.42.66 A 5.62.40.201 A 5.62.48.205 A 69.94.69.152	69.94.69.113
h4444966.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net A 23.43.165.59 A 23.43.165.10	23.43.165.59
z4055813.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.50 A 23.43.165.75	23.43.165.50
y8002308.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.50 A 23.43.165.75	23.43.165.50
n4291289.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net AAAA 2600:1410:1000::172b:a53b AAAA 2600:1410:1000::172b:a50a	23.43.165.59
r6726306.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.50 A 23.43.165.75	23.43.165.50
log.gomlab.com	A 34.202.213.193 CNAME gomlab-log-17054681.us-east-1.elb.amazonaws.com A 54.174.83.201	34.202.213.193
m0658849.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a532 AAAA 2600:1410:1000::172b:a54b	23.43.165.75
r0965026.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net A 23.43.165.10 A 23.43.165.59	23.43.165.59
r3802239.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.75 A 23.43.165.50	23.43.165.50
p9854759.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a532 AAAA 2600:1410:1000::172b:a54b	23.43.165.50
alpha-license-dealer.ff.avast.com	A 5.62.38.16 A 69.94.69.208 CNAME alpha-ld-stack.ns1.ff.avast.com A 5.62.38.35	69.94.69.205
l4691727.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net AAAA 2600:1410:1000::172b:a54b AAAA 2600:1410:1000::172b:a532	23.43.165.50
s-iavs9x.avcdn.net	CNAME fallbackupdates.avcdn.net.edgekey.net CNAME e9229.dscd.akamaiedge.net A 23.40.45.32	23.40.45.32
img.gomlab.com	A 99.86.207.102 CNAME d11rsycchmvxkn.cloudfront.net A 99.86.207.45 A 99.86.207.37 A 99.86.207.8	54.192.70.16
www.microsoft.com	CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net CNAME e13678.dscb.akamaiedge.net A 23.201.37.168	104.109.241.178
v7event.stats.avast.com	CNAME analytics.ff.avast.com CNAME analytics.ns1.ff.avast.com A 5.62.53.213 A 5.62.53.239	69.94.68.209
l7814800.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.50 A 23.43.165.75	23.43.165.75
c3978047.iavs9x.u.avast.com	CNAME iavs9x4.u.avcdn.net.edgesuite.net CNAME a117.dscd.akamai.net A 23.43.165.75 A 23.43.165.50	23.43.165.50
g1928587.vps18tiny.u.avcdn.net	CNAME u4.avcdn.net.edgesuite.net CNAME a27.dscd.akamai.net AAAA 2600:1410:1000::172b:a50a AAAA 2600:1410:1000::172b:a53b	23.43.165.59

IP Address	Status	Action
112.175.191.56	Active	Moloch
14.0.114.116	Active	Moloch
142.250.199.78	Active	Moloch
164.124.101.2	Active	Moloch
183.110.10.189	Active	Moloch
183.110.10.192	Active	Moloch
192.229.232.200	Active	Moloch
23.53.224.176	Active	Moloch
34.202.213.193	Active	Moloch
5.62.53.239	Active	Moloch
96.7.251.224	Active	Moloch
99.84.224.136	Active	Moloch
99.86.207.102	Active	Moloch
23.201.37.168	Active	Moloch
23.43.165.50	Active	Moloch
23.43.165.59	Active	Moloch
23.43.165.75	Active	Moloch
5.62.38.16	Active	Moloch
5.62.40.201	Active	Moloch
77.234.46.23	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49184 -> 14.0.114.116:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49182 -> 14.0.114.116:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49183 -> 14.0.114.116:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49197 -> 14.0.114.116:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49181 -> 99.84.224.136:80	2011227	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))	Potentially Bad Traffic
TCP 192.168.56.102:49223 -> 14.0.114.116:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49229 -> 23.53.224.176:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.229.232.200:80 -> 192.168.56.102:49239	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.229.232.200:80 -> 192.168.56.102:49239	2014520	ET INFO EXE - Served Attached HTTP	Misc activity
TCP 192.168.56.102:49235 -> 112.175.191.56:80	2011227	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))	Potentially Bad Traffic
TCP 96.7.251.224:80 -> 192.168.56.102:49248	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49184 14.0.114.116:443	None	None	None
TLSv1 192.168.56.102:49182 14.0.114.116:443	C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1	C=US, ST=California, L=Campbell, O=CDNetworks Inc., CN=support18.cdnetworks.net	99:61:0c:bb:af:ec:d1:3f:78:8c:35:33:f9:01:ae:94:5a:91:36:d9
TLSv1 192.168.56.102:49183 14.0.114.116:443	C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1	C=US, ST=California, L=Campbell, O=CDNetworks Inc., CN=support18.cdnetworks.net	99:61:0c:bb:af:ec:d1:3f:78:8c:35:33:f9:01:ae:94:5a:91:36:d9
TLSv1 192.168.56.102:49197 14.0.114.116:443	None	None	None
TLSv1 192.168.56.102:49223 14.0.114.116:443	None	None	None
TLSv1 192.168.56.102:49229 23.53.224.176:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	C=GB, L=London, O=Avast plc, OU=avcdn, CN=*.avcdn.net	ff:97:bf:fa:16:55:c5:95:15:f5:0d:8f:d7:f8:40:a5:e7:61:a5:e8
TLS 1.1 192.168.56.102:49233 96.7.251.224:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net	4e:74:27:b2:2c:d7:8f:7a:a4:71:65:18:cf:6a:09:fb:74:a8:72:e8
TLS 1.1 192.168.56.102:49244 96.7.251.224:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net	4e:74:27:b2:2c:d7:8f:7a:a4:71:65:18:cf:6a:09:fb:74:a8:72:e8
TLS 1.1 192.168.56.102:49241 96.7.251.224:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net	4e:74:27:b2:2c:d7:8f:7a:a4:71:65:18:cf:6a:09:fb:74:a8:72:e8
TLS 1.1 192.168.56.102:49247 96.7.251.224:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net	4e:74:27:b2:2c:d7:8f:7a:a4:71:65:18:cf:6a:09:fb:74:a8:72:e8
TLS 1.1 192.168.56.102:49246 96.7.251.224:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net	4e:74:27:b2:2c:d7:8f:7a:a4:71:65:18:cf:6a:09:fb:74:a8:72:e8
TLS 1.1 192.168.56.102:49256 5.62.53.239:443	C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1	C=GB, L=London, O=Avast plc, CN=*.avast.com	34:92:a3:a3:65:65:33:d4:f1:e1:26:ed:59:64:32:ee:96:67:4b:6e
TLS 1.1 192.168.56.102:49264 5.62.40.201:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	C=GB, L=London, O=Avast plc, OU=certificates@avast.com, CN=*.avast.com	ff:ac:7e:c7:dd:bd:f0:a5:c2:b1:c0:f6:42:9e:68:49:f6:68:a8:cc
TLS 1.1 192.168.56.102:49321 77.234.46.23:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	C=GB, L=London, O=Avast plc, OU=certificates@avast.com, CN=*.avast.com	ff:ac:7e:c7:dd:bd:f0:a5:c2:b1:c0:f6:42:9e:68:49:f6:68:a8:cc
TLS 1.1 192.168.56.102:49809 5.62.38.16:443	C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1	C=GB, L=London, O=Avast plc, CN=*.avast.com	12:d8:7c:36:23:88:53:d4:88:42:1d:fc:43:cb:ec:09:b6:a9:2a:57

Queries for the computername (10 events)

Time & API	Arguments	Status	Return
GetComputerNameW Oct. 27, 2021, 2:22 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:22 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:22 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:22 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:22 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:14 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:15 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:22 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:15 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 27, 2021, 2:16 p.m.	computer_name: TEST22-PC	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 27, 2021, 2:21 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 6418 events)

Time & API	Arguments	Status
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1
__exception__ Oct. 27, 2021, 2:21 p.m.	stacktrace: CharNextA+0xfb DispatchMessageA-0xa5 user32+0x17b16 @ 0x74c47b16 GetMessageW+0xe5 KillTimer-0x14 user32+0x179c7 @ 0x74c479c7 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x74c4788a IsDialogMessageW+0x11e GetLastActivePopup-0x274 user32+0x3c81f @ 0x74c6c81f DialogBoxIndirectParamW+0x1f4 DialogBoxIndirectParamAorW-0x6d user32+0x3cde7 @ 0x74c6cde7 DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x74c6cf5c DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x74c6ce8a DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x74c6d009 gomaudiokorsetup_new+0x3e9a @ 0x403e9a exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x70662320 registers.esp: 1636992 registers.edi: 0 registers.eax: 1885741856 registers.ebp: 1637032 registers.edx: 0 registers.ebx: 0 registers.esi: 1885741856 registers.ecx: 15666536	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (5 events)

suspicious_features	POST method with no referer header	suspicious_request	POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
suspicious_features	POST method with no referer header	suspicious_request	POST http://www.google-analytics.com/collect
suspicious_features	POST method with no referer header	suspicious_request	POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
suspicious_features	POST method with no referer header	suspicious_request	POST https://shepherd.ff.avast.com/
suspicious_features	POST method with no referer header	suspicious_request	POST https://alpha-license-dealer.ff.avast.com/common/v1/device/unattendedtrial

Performs some HTTP requests (50 out of 59 events)

request	GET http://playinfo.gomlab.com/setup_v2/index.gom?setup=audio&name=GOMAUDIOKORSETUP_NEW&bit=32&lang=kor&version=2.2.27.0&checkdate=202104151505
request	GET http://playinfo.gomlab.com/setup_v2/bundle.gom?bundle=clipdown&resource=true&country=KR&setup=audio
request	GET http://playinfo.gomlab.com/setup_v2/bundle.gom?bundle=avast&resource=true&country=KR&setup=audio
request	GET http://ncube.gomtv.com/gom/Promotion.ini
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=zum_dirpage&prd=audio&type=check&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=zum_dirpage&prd=audio&type=view&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://img.gomlab.com/css/gomproduct/setup.css?20170228
request	GET http://img.gomlab.com/js/web/jquery-1.8.x.js?20170228
request	GET http://img.gomlab.com/img/gomproduct/setup/gomaudio_header.png
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=clipdown&prd=gomaudio&type=check&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://playinfo.gomlab.com/cms/bundle/log.gom?log=avast,KR,KR,175.208.134.150&mode=new&type=check
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=clipdown&prd=gomaudio&type=view&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://playinfo.gomlab.com/cms/bundle/log.gom?log=avast,KR,KR,175.208.134.150&mode=new&type=show
request	GET http://playinfo.gomlab.com/cms/bundle/log.gom?log=avast,KR,KR,175.208.134.150&mode=new&type=AcceptClicked
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=clipdown&prd=gomaudio&type=set&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://playinfo.gomlab.com/cms/bundle/log.gom?log=avast,KR,KR,175.208.134.150&mode=new&type=installed
request	POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
request	POST http://www.google-analytics.com/collect
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=zum_dirpage&prd=audio&type=set&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://estat-thirdparty.zum.com/at.gif?data=eyAiZXZlbnQiOiAiQENvbnNlbnQiLCAicHJvcGVydGllcyI6IHsgInNvZnR3YXJlIjogIkdvbUF1ZGlvIiwgImNoZWNrYm94Q2xpY2siOiAidHJ1ZSIsICJjaGVja1N0ZXAiOiAyLCAidGltZSI6IDE2MzUzNDkzNDAgfSB9&time=1635349340621
request	GET http://log.gomlab.com/audio/install?build=new_kor&fpb=&version=2.2.27.0&os=windows764bit&lang=kor&bit=32bit&guid=9604e1a277cf0c84fd663ec04db3d3fb&browser=ie
request	GET http://go.microsoft.com/fwlink/?linkid=2088631
request	GET http://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe
request	GET http://ana.gomtv.com/cgi-bin/prdpromo.cgi?promo=zum_finish&prd=audio&type=check&param=KOR,2.2.27.0&agent=GomAudio_Setup&ukey=7446
request	GET http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online_x64.exe
request	GET http://www.google-analytics.com/collect?aiid=mmm_gom_ppi_003_434_m&an=Free&av=21.8.6586&cd=stub-extended&cd3=Online&cid=f67aa09e-bd89-4ed5-8e92-1707c1a27e97&dt=Installation&t=screenview&tid=UA-58120669-3&v=1
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/servers.def.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/part-setup_ais-15020997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/avbugreport_x64_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/avdump_x64_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/instcont_x64_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/instup_x64_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/offertool_x64_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/sbr_x64_ais-997.vpx
request	GET http://r6726306.iavs9x.u.avast.com/iavs9x/setgui_x64_ais-997.vpx
request	GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
request	GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
request	GET http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
request	GET http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
request	GET http://r3802239.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx
request	GET http://r3802239.iavs9x.u.avast.com/iavs9x/part-prg_ais-15020997.vpx
request	GET http://g1928587.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpx
request	GET http://g1928587.vps18tiny.u.avcdn.net/vps18tiny/part-jrog2-41.vpx
request	GET http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
request	GET http://g1928587.vps18tiny.u.avcdn.net/vps18tiny/part-vps_windows-21102505.vpx
request	GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
request	GET http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
request	GET https://cdn2.gomlab.com/gretech/GOMSetupV2/ruledef.ini

Sends data using the HTTP POST Method (5 events)

request	POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
request	POST http://www.google-analytics.com/collect
request	POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
request	POST https://shepherd.ff.avast.com/
request	POST https://alpha-license-dealer.ff.avast.com/common/v1/device/unattendedtrial

Allocates read-write-execute memory (usually to unpack itself) (50 out of 266 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x730f2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e33000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ce0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08120000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08120000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08120000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08121000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08121000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08122000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08122000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08122000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08123000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08123000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08124000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08124000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08125000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08125000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08126000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08126000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08127000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08127000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08127000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08127000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08128000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08128000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08128000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08129000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08129000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08129000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0812f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x081d5000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (19 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceExW Oct. 27, 2021, 2:21 p.m.	total_number_of_free_bytes: 4213123 free_bytes_available: 1 root_path: C:\Program Files (x86)\GOM\GOMAudio total_number_of_bytes: 51740234064330753		0
GetDiskFreeSpaceExW Oct. 27, 2021, 2:21 p.m.	total_number_of_free_bytes: 4213123 free_bytes_available: 1 root_path: C:\Program Files (x86)\GOM\ total_number_of_bytes: 51740234064330753		0
GetDiskFreeSpaceExW Oct. 27, 2021, 2:21 p.m.	total_number_of_free_bytes: 10864807936 free_bytes_available: 10864807936 root_path: C:\Program Files (x86)\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:21 p.m.	total_number_of_free_bytes: 6231 free_bytes_available: 1972697604522469 root_path: C:\Program Files (x86)\GOM\GOMAudio total_number_of_bytes: 7022701025689601		0
GetDiskFreeSpaceExW Oct. 27, 2021, 2:21 p.m.	total_number_of_free_bytes: 6231 free_bytes_available: 1972697604522469 root_path: C:\Program Files (x86)\GOM\ total_number_of_bytes: 7022701025689601		0
GetDiskFreeSpaceExW Oct. 27, 2021, 2:21 p.m.	total_number_of_free_bytes: 10864807936 free_bytes_available: 10864807936 root_path: C:\Program Files (x86)\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 10836000768 free_bytes_available: 10836000768 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 10836000768 free_bytes_available: 10836000768 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 98825680 free_bytes_available: 0 root_path: D:\ total_number_of_bytes: 98821232		0
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 104615312 free_bytes_available: 3 root_path: D:\ total_number_of_bytes: 98821232		0
GetDiskFreeSpaceExW Oct. 27, 2021, 2:22 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10782552064 root_path: C:\Windows\Temp\asw.bf47894bd73193d0 total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10650763264 root_path: total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:22 p.m.	total_number_of_free_bytes: 10606804992 free_bytes_available: 10606804992 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10606800896 root_path: total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10606800896 root_path: total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:15 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10606800896 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:16 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10202341376 root_path: total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:16 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10202324992 root_path: total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW Oct. 27, 2021, 2:16 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 10202177536 root_path: C:\ total_number_of_bytes: 34252779520	1	1

Attempts to modify Internet Explorer's start page (1 event)

registry

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x006d1c20

size

0x000002cc

Creates executable files on the filesystem (50 out of 125 events)

file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1038\SetupResources.dll
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bassalac.dll
file	C:\Program Files (x86)\GOM\GOMAudio\7za.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx452\netfx_Full_GDR_x64.msi
file	C:\Program Files (x86)\GOM\GOMAudio\Visualizer.exe
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx462\netfx_Full_x64.msi
file	C:\Users\Public\Desktop\곰오디오.lnk
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bassenc_opus.dll
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\basswv.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\SetupUtility.exe
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1044\SetupResources.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\System.dll
file	C:\Windows\Temp\asw.60b8d26201f36095\uat_812.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1053\SetupResources.dll
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bassflac.dll
file	C:\Windows\Temp\asw.60b8d26201f36095\uat_2040.dll
file	C:\Program Files (x86)\GOM\GOMAudio\MACSSDK.dll
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\basscd.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1029\SetupResources.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\2070\SetupResources.dll
file	C:\Program Files (x86)\GOM\GOMAudio\gasconvert.exe
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx452\netfx_Full_GDR_x86.msi
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\2052\SetupResources.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\md5dll.dll
file	C:\Users\test22\AppData\Local\Temp\NSISPromotionEx.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx452\netfx_Full_LDR_x86.msi
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\basswma.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx451\netfx_Full_LDR_x64.msi
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1055\SetupResources.dll
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bassenc_flac.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\INetC.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1040\SetupResources.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\SetupUi.dll
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bass_ape.dll
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM\곰오디오\프로그램 제거.lnk
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\netfx_Full_x64.msi
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx461\netfx_Full_x64.msi
file	C:\Program Files (x86)\GOM\GOMAudio\Goma.exe
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bassenc.dll
file	C:\Program Files (x86)\GOM\GOMAudio\Uninstall.exe
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1030\SetupResources.dll
file	C:\Windows\Temp\asw.60b8d26201f36095\Instup.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1046\SetupResources.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx452\netfx_Full_LDR_x64.msi
file	C:\Program Files (x86)\GOM\GOMAudio\plugins\bass\bass_fx.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\3082\SetupResources.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1049\SetupResources.dll
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM\곰오디오\곰오디오.lnk
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\1041\SetupResources.dll
file	C:\862a6ab14c8a0e6f9f6d1a24394d0a\NetFx45\netfx_Full_x64.msi

Creates hidden or system file (1 event)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW Oct. 27, 2021, 2:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\ProgramData\GRETECH\GOMAudio\images filepath: C:\ProgramData\GRETECH\GomAudio\images	1	1	0

Creates a shortcut to an executable file (8 events)

file	C:\Users\test22\Links\Desktop.lnk
file	C:\Users\test22\Links\RecentPlaces.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\곰오디오.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM\곰오디오\곰오디오.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM\곰오디오\프로그램 제거.lnk
file	C:\Users\Public\Desktop\곰오디오.lnk
file	C:\Users\test22\Links\Downloads.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\곰오디오.lnk

Creates a suspicious process (2 events)

cmdline	"regsvr32" /s "C:\Program Files (x86)\Common Files\GOM & Company\VSUtil.dll"
cmdline	"regsvr32" /s "C:\Program Files (x86)\GOM\GOMAudio\MiniBand.dll"

Drops a binary and executes it (1 event)

file	C:\Windows\Temp\asw.60b8d26201f36095\Instup.exe

Drops an executable to the user AppData folder (18 events)

file	C:\Users\test22\AppData\Local\Temp\nsdA32E.tmp\DotNetChecker.dll
file	C:\Users\test22\AppData\Local\Temp\HwInfo.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\NSISTrigger.dll
file	C:\Users\test22\AppData\Local\Temp\nsdA32E.tmp\nsisdl.dll
file	C:\Users\test22\AppData\Local\Temp\NSISPromotionEx.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\nsn9624.tmp
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\nsb9EA1.tmp
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\nsDialogs.dll
file	C:\Users\test22\AppData\Local\Temp\dotnetfx.exe
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\LangDLL.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\INetC.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\advsplash.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\nsJSON.dll
file	C:\Users\test22\AppData\Local\Temp\atl110.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\md5dll.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\Dialer.dll
file	C:\Users\test22\AppData\Local\Temp\nsjC273.tmp\UserInfo.dll

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (48 events)

Time & API	Arguments	Status	Return
Process32FirstW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: [System Process] process_identifier: 0	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: System process_identifier: 4	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: smss.exe process_identifier: 228	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: csrss.exe process_identifier: 304	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: wininit.exe process_identifier: 352	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: csrss.exe process_identifier: 364	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: winlogon.exe process_identifier: 408	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: services.exe process_identifier: 444	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: lsass.exe process_identifier: 460	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: lsm.exe process_identifier: 468	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 572	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 640	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 712	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 780	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 816	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: audiodg.exe process_identifier: 892	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 984	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 368	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: spoolsv.exe process_identifier: 728	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 1052	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: taskhost.exe process_identifier: 1136	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: dwm.exe process_identifier: 1224	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 1360	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: IMEDICTUPDATE.EXE process_identifier: 1456	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 1904	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: SearchIndexer.exe process_identifier: 1100	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: sppsvc.exe process_identifier: 2484	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: WmiPrvSE.exe process_identifier: 2640	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: pw.exe process_identifier: 2916	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: tvnserver.exe process_identifier: 796	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: tvnserver.exe process_identifier: 2304	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: pw.exe process_identifier: 808	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: taskhost.exe process_identifier: 1068	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: SearchProtocolHost.exe process_identifier: 2208	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: SearchFilterHost.exe process_identifier: 2740	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: GOMAUDIOKORSETUP_NEW.EXE process_identifier: 2532	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: svchost.exe process_identifier: 2212	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: explorer.exe process_identifier: 1708	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: SearchProtocolHost.exe process_identifier: 1936	1	1
Process32NextW Oct. 27, 2021, 2:21 p.m.	snapshot_handle: 0x00000038 process_name: KillGom.exe process_identifier: 1572	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: nsn9624.tmp process_identifier: 1492	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: nsb9EA1.tmp process_identifier: 1488	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: explorer.exe process_identifier: 1028	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: dllhost.exe process_identifier: 2976	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: cmd.exe process_identifier: 2940	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: conhost.exe process_identifier: 1956	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: pw.exe process_identifier: 1000	1	1
Process32NextW Oct. 27, 2021, 2:15 p.m.	snapshot_handle: 0x00000000000000ec process_name: avast_free_antivirus_setup_online_x64.exe process_identifier: 3032	1	1

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Cylance	Unsafe
K7AntiVirus	Adware ( 005487401 )
K7GW	Adware ( 005487401 )
ESET-NOD32	a variant of Win32/GOMLab.A potentially unwanted
Sophos	Generic ML PUA (PUA)
Antiy-AVL	Trojan/Generic.ASMalwNS.6
Zoner	Probably Heur.ExeHeaderH

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 27, 2021, 2:21 p.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 16 (PAGE_EXECUTE) base_address: 0x08120000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 27, 2021, 2:15 p.m.	flags: 0 family: 0	1	0	0

An executable file was downloaded by the process gomaudiokorsetup_new.exe (2 events)

Time & API	Arguments	Status	Return	Repeated
InternetReadFile Oct. 27, 2021, 2:22 p.m.	buffer: MZÿÿ¸@Øº´ Í!¸LÍ!This program cannot be run in DOS mode. $±(éÐFÒéÐFÒéÐFÒßÒëÐFÒéÐGÒvÐFÒßÒæÐFÒ½óvÒãÐFÒ.Ö@ÒèÐFÒRichéÐFÒPEL)\àd\|2@ðå<@< P8@_ +.textbd `.rdata\h@@.dataU \|@À.ndataPÀ.rsrc8P@@Uìì\}t+}FEu H ôBHPÿuÿuÿuÿ@éBSV5ôBE¤WPÿuÿ@eôEEäPÿuÿ@}ðeð\@é¶FR¶VV¯UèÏ+Mè¯ÁÂM÷ÿ3Òð¶FQ¯Á¶NU¯MèÁÊ÷ÿ¶VT¯UèÈ¶FP¯EÂ÷ÿÁá¶ÀÈEôPMøÿd@EðEPEäPÿuÿ@ÿuÿÓEè9}èwÿÿÿ~Xÿteÿv4ÿT@ÀEtU}jWÇEäÇEèÿP@ÿvXWÿX@ÿu5L@WÿÖEEäh PjÿhìBWÿ@ÿuWÿÖÿuÿÓE¤Pÿuÿl@_^3À[ÉÂL$¡HôBÑSiÒVWTöÂtOq3ÿ;5LôBsBÎiÉDöÁtGëöÁt ÏOÉt ëöÁuÙ3Úã3ÙF;5LôBrÊ_^[ÂUìQQUSVòiöHôB3ÉóWMüMøF¨t9Mt$¾BF;LôBsDÂiÀ\|BöÁt jRè¥ÿÿÿöÁu(öÁ@tÿEüöÁtÿEüëÿEø;LôBÐr¼3À_^[ÉÂ}ütó}øtN@ëçNáÉNëÙL$¡HôBV3öù s495LôBv,PW¨u3ÿGÓçzütë$þFÂ;5LôBrÙ_^ÂUìì¡ôBeüSVW=LôBEøEø3Û9tK;ßsE5HôBÆöÂu(EÀt<tMü3À@âÓàNü#ÈÁMüÓâ;ÂuCÆ;ßrÆ;ßt ÿEüEø}ü rEü_^[ÉÂD$À}@¹CÁà +ÈQèKÂVt$ëjÆ PôBkÀÁ8t\Pè=ÿÿÿtUPè¸ÿÿÿÀu@FëHÎð+Á\|$t/ìëBjÿ5ÔëBh0uÿ5ìëBÿH@Phÿt$ÿ@ö}3À^Â¸ÿÿÿëõD$ ôBjÿtlèiÿÿÿÂh¨@ÿt$è<ÂUììÈ¡ôBSVuWjY}ÔEø3Ûó¥EØUÜðúÁæ ¹C]üÁç ñùMØ T¸@MÔÁþùAÎÿ$i)@SPè0<éKÿÌëB9]ø<SÿÈ@é0Pè°þÿÿHSPèÄþÿÿéSPèö;éSèÍøYUÄ3À@Pÿ@écÿuøÿL@éUÁà9]àu& ôBjàôBèYUÄMØ ôBé'àôB ôBéEà4 ôB3À;ËÀ#MäDØéÿ4 ôBVé ÐëB5x@;ËtRQÿÖEØ äëB;ËÃPQÿÖéºjðè'ÿuÜPÿø@À¡éajðè øWèDð;ótTj\VèCð:ÃEu9]àtè8@ÀtWè?ëWè @;Ãt=·uWÿü@¨uÿEüEF:Ãu¬9]Üt)jæèóýÿÿWhXCèeIWÿ´@À ÿEüéjõéäSèlPè>LéjÐèZjßðèQjøèHWVÿ@Àtjãé§9]à}VèþKÀoWVèËFjäéSè ðEPWhVÿ@Àt#E;Æv%8t!VèºK;ÃtÀ,Pÿuè§Hë ÇEü9]àJhWWÿ@é8jÿè¥MQVhSPSÿ@Àéªjïè~PVèDéUþÿÿj1èkðEØàVuøEè1BV¾¤@ÀtVèHëhXCVèHPè¡APèHVègJ¿¬@}\|1VèïJ3É;ÃtMäÀQPÿô@ÈEÀý #Á÷ØÀ@E9]uVèC3À}À@Ph@Vè9CøÿEôuv9]uShCWèGVhCè}Gÿuìh¨@èGWhCèeGEØÁøPh¨@èp>èSÿÿÿHtVjúé2üÿÿÿuøjâè]8}é=ýÿÿÿ¨ôBéâÿuøjêè?8ÿÔôBSSÿuôÿuàèÿ ÔôB}äÿøu}èÿtEäPEäSPÿuôÿ@ÿuôÿ@;ûÿþujéVèãFÿuøVèÔFëjîVèÐFh Véå Së4j1èÄÿuØPè¬=;Ã;Eàg;Eè-Eìé0jðèÿuÜPè&>éjè}PèbFé$jèIjEÀUÄè<YøEÀYj}ÈUÌEèGPEÐè)F9]ÄuE9]·MÈ;Ë}<;û¥;ø~øEÐÇPVèÜE9]}VèçEEy]E=r0éjj è×j1ðèÎ9]èPVuÿ@ÀuzEàéLÿ$@ëì3ÿGWè¤hVPEÿ`@Àt9]àtVÿuÿ$@Àu}üÿéùuìSèBjøUÄè6Y;óYUÄu;ø\|~ë;øsEäéÒxÿÿÿEèéÄjèøjUÄ}èõYUÄYÈEäø wsÿ$q@ùëk+ùëg¯Ïë;ËtDÇ÷ùøëUÏë#Ïë3ÏùëG3À;ûÀëå;ûuë3ÿë4;ûtø;Ëtô3ÿGë';Ët Ç÷ùúë3ÿÇEüëÓçëÓÿëÓïë}Wé*úÿÿjèjøèZPWVUÄÿt@Äéô Eà=X¸@;ÃtDH;û[?;Ãuñ;ûMÇ¾¤@WVè D¡X¸@ÀPWèûC¡X¸@VÀPéÁ;Ót%;û\GPVèÖCW£X¸@ÿ\@éz hj@ÿX@ÿuØðFPèÊC¡X¸@ request_handle: 0x00cc0010	1	1	0
InternetReadFile Oct. 27, 2021, 2:22 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $²ÐcÕö± ö± ö± B-üý± B-þ± B-ÿî± ¤Ù ä± ¤Ùã± SØ ô± ¤ÙÆ± ö±'± ÿÉç± ÿÉ÷± SØû± SØò÷± ö±ô± SØ÷± Richö± PEL7aà"p @°SC@ÁL®´ð°Hxà0p<@ ì\¬.textz `.rdata @@.data°À ´@À.didat<à¾@À.rsrc°ðÀ@@.reloc0Z@B¹¼ÍBè¦þhpBè÷YÃÌÌÌÌÌÌÌÌÌÌVjjjjÿô Bh%Bÿ!BÀt%h¸%BPÿè BðöthÎÿì"BÿÖÀu?hÔ%Bÿ!BhØ%Bÿ!BÀt%hì%BPÿè Bðötjh@jÎÿì"BÿÖj ÿü BÀuhëèH)ÄhÀÿ!Bè5g=shìè$)Äh~ÿ!Bè¿ïPÿ!BÌÌÌÌÌÌÌÌÌÌUìEVW}Æ·w$Æÿð BVjPÿ`!B£hÉBÀtu·O$SQÿw(PèSþ·O$Ä¡hÉB3ÒÑéhRfHÿð BPÿ`!BØÛt8j`Sÿ!Bðöt)þ`w$h%BsQÿ!Bu_(fG$ÀfG&[_^]ÂÌÌÌÌÌÌÌUìjÿuÿ"BÀtPÿ¤"BÀt°]Ã2À]ÃÌÌÌÌÌÌÌÌÌÌÌUìì ¡ÀB3ÅEüESVuW}Pà÷ÿÿÿ "BVPä÷ÿÿÿL BWü÷ÿÿWÀhPfô÷ÿÿè(è÷ÿÿPü÷ÿÿhT&BPè)½ø÷ÿÿÐô÷ÿÿÄ3Ûø÷ÿÿÊqfÁfÀuõ+Îì÷ÿÿµä÷ÿÿPÑùQRVÿP Bì÷ÿÿ;ø÷ÿÿLÃ½ð÷ÿÿØè÷ÿÿPhT&Bjø÷ÿÿè)ÐÄÒuVÿµà÷ÿÿÿP"BMü×_^Ã3Í[è¢ðå]ÃUììl¡ÀB3ÅEüES]¤ýÿÿVuW}½ôýÿÿèÿèt}-Ï;ÉBtFÛuþt=; ÉBtÛ®þ¥Wÿ¼"BjÿÈ"B_^3À[Mü3Íèðå]ÂWÿ¼"BjÿÈ"B_^3À[Mü3Íèëïå]Âÿ5ÉBÿ¼"Bÿ5ÉBÿ¼"Bÿ5ÉBÿ¼"Bÿ5ÉBÿ¼"Bÿ5 ÉBÿ¼"Bÿ5ÉBÿ¼"Bÿ5¨ÉBÿT Bÿ5¬ÉBÿT Bÿ5¤ÉBÿT Bÿ5ÉBÿ"BéàC3hð£ÉBüýÿÿjPÇøýÿÿôècÄøýÿÿjPhôj)ÿx"BEPÿ` BfnEóæÀ£¬ÉBòY&Bò,ÀEEPÿ` BfnEóæÀ£¨ÉBòY&Bò,ÀEEPÿ` B£¤ÉB'Pèñ$8'ØQÄýÿÿèÝ$V'èýÿÿQèË$Sÿ5¤ÉBäýÿÿWèØüÿÿÿµèýÿÿÈòÿ5¨ÉB¸0»P+ÆWÀÙ+ÂfÖýÿÿÑøÀÈýÿÿÐýÿÿÆWÌýÿÿèüÿÿ(&Bf~Áýÿÿ¼ýÿÿ4µÀýÿÿÿµäýÿÿýÿÿÿ5¬ÉBÂWìýÿÿèLüÿÿìýÿÿÀÁ´ýÿÿWÀ¸ýÿÿÄ0fÖÜýÿÿÊµÜýÿÿðýÿÿµØýÿÿØýÿÿÜýÿÿàýÿÿÊ;äýÿÿMÎÂñ;Ðuè¹è µðýÿÿ+ÂÑøjj0j0fnÀVóæÀjjdðýÿÿZ ÿ5ÉBòYx&Bò,ÀWÀÈfÖÜýÿÿ°ýÿÿÁÁ¨ýÿÿfÖÜýÿÿ¬ýÿÿÿ"Bjÿ5ÉB£ÉBjWj0j0jjhPjhX&BjÿÀ"Bÿ5ÉB£ÉBjhrPÿ\"BÐýÿÿÌýÿÿjÿ5ÉB+ÈjWQÈýÿÿéPQPjPhPÿµÄýÿÿhX&BjÿÀ"Bjÿ5¤ÉB£ÉBj0Pÿ\"Bìýÿÿýÿÿ+Âjÿ5ÉBjW¼ýÿÿPÀýÿÿ+ÁPRQhPÿµèýÿÿhX&BjÿÀ"B¸ýÿÿºjÿ5ÉB£ÉB+ñ´ýÿÿjWV+ÂPQRhPÿµäýÿÿhX&BjÿÀ"Bjÿ5¨ÉB£ÉBj0ÿ5ÉBÿ\"Bjÿ5¬ÉBj0ÿ5ÉBÿ\"Bhr'èø!hs'ðèì!+ðýÿÿÄø°ýÿÿèjÿ5ÉBjÿµôýÿÿSðýÿÿPSjhPVhh&BjÿÀ"Bµ¬ýÿÿ¨ýÿÿjÿ5ÉB£ÉBC jÿµôýÿÿ+ÃPÆ+ÁPSQhPWhh&BjÿÀ"Bjÿ5¬ÉB£ ÉBj0ÿ5ÉBÿ\"Bjÿ5¬ÉBj0ÿ5 ÉBÿ\"BjEìÆPjj0{0ÿx"BÀu_^¸[Mü3ÍèÚêå]ÂEô+Æuô+ÂÈEø+ÇÑùjWV+Â}ø½ôýÿÿÑøPQjWMìEðÿ¸"Bÿ5ÉBÿ´"B¤ýÿÿuSVÿuWÿ"BMü_^3Í[èoêå]ÂÌÌÌÌÌÌÌÌÌÌÌUììT¡ÀB3ÅEü·ESVWhL&B3ÛPS]¬]¼ÿX!BðötoVSÿ\!BVSEøÿd!BÀtXPÿh!BøÿtKÿuøjÿ!Bðöt:Vÿ\|!BÀt!ÿuøWPèäõÄVÿx!BE¼PjVÿÜ"B}¼ÿuVÿø B}¼ÿýjj]´]Àÿä"BÀ¢EÀPh<&Bjjh\|.Bÿà"BÀMÀjWQpÎÿì"BÿÖÀxhMÀ]ðp0EðPQÎÿì"BÿÖÀxJ}ðuDMÀ]¸p4E¸PjQÎÿì"BÿÖÀx$E´Pÿu¸h.Bè¼UE¸PqÎÿì"BÿÖMÀÉtQpÎÿì"BÿÖ]´ÛýÇE¬ÇEôÇEøpEøPEôÎPSÿì"BÿÖÀ¸MôÉEøÀ¢WÀÇEÄ(÷ØfEØjfEàfEèMÈEÌÇEÐ ÇEÔÇE°ÿ "BjðE°jPjEÄPVÿH BVjE¬ÿP"B}¬t;Eôÿu°Ê¯MøpQRjSÎÿì"BÿÖÀyÿu¬ÿT BÇE¬SpÎÿì"BÿÖWqÎÿì"BÿÖE¬_^[Mü3Íè¹çå]ÃMüÃ_^3Í[è¦çå]ÃÌÌÌÌUìjþhBhPAd request_handle: 0x00cc0010	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Oct. 27, 2021, 2:15 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Oct. 27, 2021, 2:16 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Potentially malicious URLs were found in the process memory dump (3 events)

url	http://ns.adobe.com/xap/1.0/mm/
url	http://ns.adobe.com/xap/1.0/sType/ResourceRef
url	http://ns.adobe.com/xap/1.0/

Yara rule detected in process memory (33 events)

description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Escalate priviledges	rule	Escalate_priviledges
description	Take ScreenShot	rule	ScreenShot
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (19 events)

Time & API	Arguments	Status	Return
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000035c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000009 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon		2
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000009 regkey: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon		2
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000009 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon		2
RegOpenKeyExW Oct. 27, 2021, 2:21 p.m.	regkey_r: Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000009 regkey: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11stIcon		2
RegOpenKeyExW Oct. 27, 2021, 2:15 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVDA base_handle: 0xffffffff80000002 key_handle: 0x0000000000000000 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVDA		2

Reads the systems User Agent and subsequently performs requests (1 event)

Time & API	Arguments	Status	Return	Repeated
InternetOpenW Oct. 27, 2021, 2:22 p.m.	proxy_name: proxy_bypass: flags: 0 user_agent: GOMAudioKorSETUP access_type: 0	1	13369352	0

Connects to an IRC server, possibly part of a botnet

Attempts to identify installed AV products by installation directory (9 events)

file	\\.\C:\ProgramData\Avast Software
file	C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
file	C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
file	C:\ProgramData\Avast Software\Avast\log
file	C:\ProgramData\Avast Software\Persistent Data\Avast\Logs
file	C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log.tmp.c7d6bcff-db2e-4441-a104-3c446abd8c52
file	C:\ProgramData\Avast Software\Avast\Ring\farewell.ini
file	C:\ProgramData\Avast Software\Persistent Data\Avast\Reboot.txt
file	C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log.tmp.cc64e93d-3175-403c-824c-581857a31b70

Attempts to identify installed AV products by registry key (27 events)

registry	HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Antivirus
registry	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Antivirus
registry	HKEY_LOCAL_MACHINE\Software\AVG\Antivirus
registry	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\AV
registry	HKEY_LOCAL_MACHINE\SOFTWARE\AVG\AV
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\properties
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\LogFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\SetupLog
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\TempFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avast Software\SymbolicLinkValue
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\SymbolicLinkValue
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\DataFolder
registry	HKEY_LOCAL_MACHINE\Software\AVAST Software\Avast
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 27, 2021, 2:15 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Checks the CPU name from registry, possibly for anti-virtualization (1 event)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E9C898-E8F6-427F-83B8-4BB33415E10C}\InprocServer32\(Default)

reg_value

C:\Program Files (x86)\GOM\GOMAudio\MiniBand.dll

Attempts to modify browser security settings (2 events)

registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\GOMA.exe
registry	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EUPP_GLOBAL_FORCE_DISABLE\iexplore.exe

Queries information on disks, possibly for anti-virtualization (2 events)

Time & API	Arguments	Status	Return	Repeated
NtCreateFile Oct. 27, 2021, 2:22 p.m.	create_disposition: 1 (FILE_OPEN) file_handle: 0x000000a0 filepath: \??\PhysicalDrive0 desired_access: 0x00100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE) file_attributes: 0 () filepath_r: \??\PhysicalDrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 0 (FILE_SUPERSEDED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	1	0	0
DeviceIoControl Oct. 27, 2021, 2:22 p.m.	input_buffer: control_code: 2954240 () device_handle: 0x000000a0 output_buffer: (§Lu~$ VBOX HARDDISK 1.0VBOX HARDDISK 1.0 42563265346333383963362d3532373632632066	1	1	0

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW Oct. 27, 2021, 2:14 p.m.	thread_identifier: 0 callback_function: 0x00000000fff3ae10 hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00000000ffe90000	1	524569	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob

Network activity contains more than one unique useragent (5 events)

process	GOMAUDIOKORSETUP_NEW.EXE	useragent	NSIS_Inetc (Mozilla)
process	GOMAUDIOKORSETUP_NEW.EXE	useragent	GOMAudioKorSETUP
process	GOMAUDIOKORSETUP_NEW.EXE	useragent	HttpGetFile
process	GOMAUDIOKORSETUP_NEW.EXE	useragent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MARKANYEPS#25118)
process	GOMAUDIOKORSETUP_NEW.EXE	useragent	GOMPLAYERSETUP

Resumed a suspended thread in a remote process potentially indicative of process injection (6 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1488 resumed a thread in remote process 3032
Process injection	Process 3032 resumed a thread in remote process 812
Process injection	Process 812 resumed a thread in remote process 2040
NtResumeThread Oct. 27, 2021, 2:22 p.m.	thread_handle: 0x00000180 suspend_count: 1 process_identifier: 3032	1	0	0
NtResumeThread Oct. 27, 2021, 2:15 p.m.	thread_handle: 0x0000000000000144 suspend_count: 1 process_identifier: 812	1	0	0
NtResumeThread Oct. 27, 2021, 2:16 p.m.	thread_handle: 0x00000000000005d4 suspend_count: 1 process_identifier: 2040	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 27, 2021, 2:22 p.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

GOMAUDIOKORSETUP_NEW.EXE

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All