How does avet evade sandbox detection during execution?
avet implements two primary sandbox evasion techniques. First, it calls `fopen` to try to open `c:\windows\system.ini`; if the file cannot be opened (common in sandboxes), the program exits. Second, it calls `gethostbyname` to resolve a specified hostname; if the call returns NULL (the name did not resolve, as happens in many network-isolated sandboxes), the program terminates. These checks help ensure the payload only executes in an expected real environment. For other sandbox detection methods, consider techniques like clearing RecentFileCache.bcf and Amcache.hve.
sandbox evasion, fopen, gethostbyname, antivirus evasion