Windows Analysis Report
t0R4HiIJp7.exe

Overview

General Information

Sample name: t0R4HiIJp7.exe (renamed because original name is a hash value)
Original sample name: 1C6EFBBCC3896BE536D965EC4489AB07.exe
Analysis ID: 1446353
MD5: 1c6efbbcc3896be536d965ec4489ab07
SHA1: d000ea237e58038009792cb2d824bf168c2e90f9
SHA256: 097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3
Tags: exe, RedLineStealer

Detection

PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • t0R4HiIJp7.exe (PID: 5360 cmdline: "C:\Users\user\Desktop\t0R4HiIJp7.exe" MD5: 1C6EFBBCC3896BE536D965EC4489AB07)
    • MSBuild.exe (PID: 3448 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • conhost.exe (PID: 1120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Blogpost URLs: (empty)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
No configs have been found
Source | Rule | Description | Author | Strings
t0R4HiIJp7.exe | INDICATOR_EXE_Packed_DotNetReactor | Detects executables packed with unregistered version of .NET Reactor | ditekSHen
  • 0x2870ad:$s2: is protected by an unregistered version of .NET Reactor!" );</script>

Source | Rule | Description | Author | Strings
00000002.00000002.2045256712.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000000.00000002.2051747011.0000000005D00000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000000.00000002.2042763306.00000000047E4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
Process Memory Space: t0R4HiIJp7.exe PID: 5360 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

Source | Rule | Description | Author | Strings
0.2.t0R4HiIJp7.exe.4151bf0.3.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
0.2.t0R4HiIJp7.exe.4151bf0.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.t0R4HiIJp7.exe.4151bf0.3.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen
  • 0x4421f:$s1: file:///
  • 0x4417b:$s2: {11111-22222-10009-11112}
  • 0x441af:$s3: {11111-22222-50001-00000}
  • 0x41289:$s4: get_Module
  • 0x3b637:$s5: Reverse
  • 0x3c3b8:$s6: BlockCopy
  • 0x3b667:$s7: ReadByte
  • 0x44231:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.2.MSBuild.exe.400000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
2.2.MSBuild.exe.400000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
                    No Sigma rule has matched
                    No Snort rule has matched

                    AV Detection

                    Source: t0R4HiIJp7.exe, Avira: detected
                    Source: t0R4HiIJp7.exe, ReversingLabs: Detection: 63%
                    Source: t0R4HiIJp7.exe, Virustotal: Detection: 67%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: t0R4HiIJp7.exe, Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12DE00 CryptGenRandom,__CxxThrowException@8,0_2_6E12DE00
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12DEE0 CryptReleaseContext,0_2_6E12DEE0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12DD20 CryptReleaseContext,0_2_6E12DD20
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12DBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,0_2_6E12DBB0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12D9D0 CryptAcquireContextA,GetLastError,0_2_6E12D9D0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12D7D4 CryptReleaseContext,0_2_6E12D7D4
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E12D7F0 CryptReleaseContext,0_2_6E12D7F0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E1535E0 CryptReleaseContext,0_2_6E1535E0
                    Source: t0R4HiIJp7.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: t0R4HiIJp7.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/netstandard-Release/System.Text.Encodings.Web.pdb source: t0R4HiIJp7.exe
                    Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/netstandard-Release/System.Text.Encodings.Web.pdbSHA256 source: t0R4HiIJp7.exe
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: t0R4HiIJp7.exe, 00000000.00000002.2049882072.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004658000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004081000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
                    Source: Binary string: c:\dd\Dev10\OffCycle\AspNet\Plan9\Main\src\System.Web.Helpers\obj\Release\System.Web.Helpers.pdbd source: t0R4HiIJp7.exe
                    Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: c:\dd\Dev10\OffCycle\AspNet\Plan9\Main\src\System.Web.Helpers\obj\Release\System.Web.Helpers.pdb source: t0R4HiIJp7.exe
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004715000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.000000000458A000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2049882072.000000000567A000.00000004.08000000.00040000.00000000.sdmp
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD630
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_02DFC655
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD628
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD740
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD73B
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_02DF6AFC
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD850
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD84B
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD958
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_02DFD960
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_05BA62E0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_05BA62DA
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then jmp 05BA5ECAh0_2_05BA5E18
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 4x nop then jmp 05BA5ECAh0_2_05BA5A59
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]2_2_04F30400
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]2_2_04F303F8
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $cq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\cq equals www.youtube.com (Youtube)
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\cq equals www.youtube.com (Youtube)
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`,cq equals www.youtube.com (Youtube)
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `,cq#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://169.254.169.254/metadata/identity/oauth2/tokenO
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://localhost:8450/gcm/sendohttp://pushperfnotificationserver.cloudapp.net/gcm/sendYhttp://pushte
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushnotificationserver.cloudapp.net/adm/send/
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushnotificationserver.cloudapp.net/adm/token?http://localhost:8450/adm/token-ClientId
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushperfnotificationserver.cloudapp.net/adm/send/
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushperfnotificationserver.cloudapp.net/adm/token
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushstressnotificationserver.cloudapp.net/adm/send/
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushtestservice.cloudapp.net/adm/send/
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushtestservice.cloudapp.net/adm/tokenuhttp://pushstressnotificationserver.cloudapp.net/adm/t
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushtestservice4.cloudapp.net/adm/send/
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushtestservice4.cloudapp.net/adm/token
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://pushtestservice4.cloudapp.net/gcm/send
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0
                    Source: t0R4HiIJp7.exeString found in binary or memory: http://www.asp.net0
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://android.googleapis.com/gcm/send
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://api.amazon.com/auth/O2/token
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://api.amazon.com/messaging/registrations/
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.s
                    Source: MSBuild.exe, 00000002.00000002.2049131421.00000000029A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://channel.api.duapp.com/rest/2.0/channel/channel
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002A25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://login.live.com/accesstoken.srf
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://login.microsoftonline.com/
                    Source: t0R4HiIJp7.exeString found in binary or memory: https://servicebus.azure.net/.default3signatureValidityDuration
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002B29000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_ea77e08c-8

                    System Summary

                    Source: t0R4HiIJp7.exe, type: SAMPLEMatched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 0.0.t0R4HiIJp7.exe.5b0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, Strings.csLarge array initialization: Strings: array initializer size 6160
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Process token adjusted: Security
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: String function: 6E13D520 appears 31 times
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: String function: 6E1390D8 appears 51 times
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: String function: 6E139B35 appears 141 times
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2049882072.0000000005748000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004658000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2051686317.0000000005C01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2049508440.00000000053E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2051747011.0000000005D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFairydom.exe" vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2039555012.0000000003011000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2042763306.00000000047E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000000.2028954882.0000000000A71000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Text.Encodings.Web.dllJ vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000000.2028954882.0000000000A71000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Web.Helpers.dllX vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000000.2028954882.0000000000A71000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamepartnerappexclusive_guide3.exeX6 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFairydom.exe" vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, 00000000.00000002.2036479910.0000000000F2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exeBinary or memory string: OriginalFilenameSystem.Text.Encodings.Web.dllJ vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exeBinary or memory string: OriginalFilenameSystem.Web.Helpers.dllX vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exeBinary or memory string: OriginalFilenamepartnerappexclusive_guide3.exeX6 vs t0R4HiIJp7.exe
                    Source: t0R4HiIJp7.exe, type: SAMPLEMatched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 0.0.t0R4HiIJp7.exe.5b0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, PBE.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, Strings.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, A2H1lUZ15GsIooGy4G.csCryptographic APIs: 'CreateDecryptor'
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: *.sln
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSBuild MyApp.csproj /t:Clean
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /ignoreprojectextensions:.sln
                    Source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@4/3@0/0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\t0R4HiIJp7.exe.log
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Mutant created: NULL
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1120:120:WilError_03
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exe, File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
                    Source: t0R4HiIJp7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: t0R4HiIJp7.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: t0R4HiIJp7.exeReversingLabs: Detection: 63%
                    Source: t0R4HiIJp7.exeVirustotal: Detection: 67%
                    Source: t0R4HiIJp7.exeString found in binary or memory: ErrorCode: /Additional Information:
                    Source: t0R4HiIJp7.exeString found in binary or memory: AmqpClient3com.microsoft:tracking-id3com.microsoft:server-busy;com.microsoft:entity-disabledMcom.microsoft:no-matching-subscription3com.microsoft:entity-type?com.microsoft:message-not-foundGcom.microsoft:argument-out-of-range9com.microsoft:session-filterEcom.microsoft:batch-flush-interval?com.microsoft:message-lock-lostGcom.microsoft:entity-already-existsMcom.microsoft:session-cannot-be-locked=com.microsoft:locked-until-utcAcom.microsoft:client-side-filterCcom.microsoft:partition-not-owned?com.microsoft:publisher-revoked+com.microsoft:timeoutIcom.microsoft:address-already-in-useKcom.microsoft:message-receipts-filterCcom.microsoft:operation-cancelled3com.microsoft:dead-letterUcom.microsoft:transfer-destination-address?com.microsoft:session-lock-lost'com.microsoft:epoch9com.microsoft:argument-error;com.microsoft:store-lock-lost3com.microsoft:auth-failed;com.microsoft:relay-not-found
                    Source: t0R4HiIJp7.exeString found in binary or memory: A reply message was received without a valid RelatesTo header. This may have been caused by a missing RelatesTo header or a RelatesTo header with an invalid WS-Addressing Relationship type.
                    Source: unknownProcess created: C:\Users\user\Desktop\t0R4HiIJp7.exe "C:\Users\user\Desktop\t0R4HiIJp7.exe"
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: t0R4HiIJp7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: t0R4HiIJp7.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: t0R4HiIJp7.exeStatic file information: File size 5420032 > 1048576
                    Source: t0R4HiIJp7.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x505800
                    Source: t0R4HiIJp7.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/netstandard-Release/System.Text.Encodings.Web.pdb source: t0R4HiIJp7.exe
                    Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/netstandard-Release/System.Text.Encodings.Web.pdbSHA256 source: t0R4HiIJp7.exe
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: t0R4HiIJp7.exe, 00000000.00000002.2049882072.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004658000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004081000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
                    Source: Binary string: c:\dd\Dev10\OffCycle\AspNet\Plan9\Main\src\System.Web.Helpers\obj\Release\System.Web.Helpers.pdbd source: t0R4HiIJp7.exe
                    Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.2058373036.0000000003921000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: c:\dd\Dev10\OffCycle\AspNet\Plan9\Main\src\System.Web.Helpers\obj\Release\System.Web.Helpers.pdb source: t0R4HiIJp7.exe
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: t0R4HiIJp7.exe, 00000000.00000002.2042763306.0000000004715000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2042763306.000000000458A000.00000004.00000800.00020000.00000000.sdmp, t0R4HiIJp7.exe, 00000000.00000002.2049882072.000000000567A000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, A2H1lUZ15GsIooGy4G.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),hXXrhPLww5stjx9ytx4(typeof(Type).TypeHandle)})
                    Source: t0R4HiIJp7.exeStatic PE information: 0x9B699D56 [Fri Aug 16 03:00:38 2052 UTC]
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E0EB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6E0EB6C0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E13CC2B push ecx; ret 0_2_6E13CC3E
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E13D565 push ecx; ret 0_2_6E13D578
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_02DF48E8 push eax; mov dword ptr [esp], ecx0_2_02DF48E9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00E616E3 push edx; ret 2_2_00E616E4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00E619A5 push edx; iretd 2_2_00E619A6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00E61E68 push edx; iretd 2_2_00E61E69
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, Form1.csHigh entropy of concatenated method names: 'Form1_Load', 'ReadLine', 'Dispose', 'InitializeComponent', 'KZOqAOCX6uflWLr3NIt', 'Fmhn3CCKiOUJMfCKGgX', 'VNmKNOCIfvbd3geGAYT', 'NHa8kiC7TmLI051UZ2w', 'oXv2TjCRwNeoLUGZPTn', 's3SLI0CsFL6j6xdOthS'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, AesGcm256.csHigh entropy of concatenated method names: 'Decrypt', 'Decrypt', 'TW301XD8rjkmE5mZPuy', 'Ivhep7D580n69AYxFwn', 'mOYUNvDuG2DsiHPYVfF', 'PxaCdNDUWhk3Aa4j3a1', 'Jb5KrtDAKMRvlO4mmWi'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, SystemInfoHelper.csHigh entropy of concatenated method names: '_003CCloseBrowser_003Eb__1', 'GX15FwG43o9t9VCdQkA', 'iBvAu3GJvitiP5IG3nQ', 'h1fXAmGMxie5JAqLr6b', 'ShowMessage', 'CloseBrowser', 'Add', 'GetProcessors', 'GetGraphicCards', 'GetBrowsers'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, FieldRootRoot.csHigh entropy of concatenated method names: 'Field1', 'LZ5ovCmBOnInxHq1wFZ', 'mbifV2m1XRlZv7ggFEs', 'dWJxHamnj97juprv04d', 'p0iDucmobRIlCm3NKU3', 'zEWPgsmygMSWeQIYNHB', 'zmrOFvmEPUPa4h42sNW', 'u8T1XTmhJhQHkrQ6Uw2'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, BerkeleyDB.csHigh entropy of concatenated method names: 'Extract', 'AsAWAGC4YTMTN5YXNyP', 'L4cYtWCJ6PGouZjpOye', 'LYIkTLCMYBW20PGYlq7', 'jRW4mVCH7VIQoYtBaOq', 'rqJW1bCz9NaECyLfesb', 'yUjHcKPSY5o7HcQ8VOW', 'oZiOjsPUvX2LIhrC578', 'wRo9OgCjvbchk5qE0rh', 'wybunPCwPEPGGJ5yxqg'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, TripleDes.csHigh entropy of concatenated method names: 'ComputeVoid', 'Compute', 'DecryptStringDesCbc', 'DecryptByteDesCbc', 'cilT0VDCA8FvG1dMvB9', 'ARS4TpDPQ4KSj1URfss', 'NWp9FaDDk2kBdypxGOH', 'DnxlN9DbMYyGt0lIgEZ', 'dfLd7aD6H3CXADGMHfA', 'hBRD1EDYROQpn7rByYO'
                    Source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, A2H1lUZ15GsIooGy4G.csHigh entropy of concatenated method names: 'XOrbQCcbp6OLBibt79H', 'FQgSYyc6LyFwapejJXW', 'LtQPyoxJn7', 'OeAEiXccYvuSllXZi9b', 'e8tNLKcp3msHI3pQbKw', 'Yf0Hadc2K1BDGL4QC7x', 'g38PJ8K3c0', 'AZCPHbxqQi', 'kjCPpoa2Hi', 'zssPO0JXVk'
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: t0R4HiIJp7.exe PID: 5360, type: MEMORYSTR
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002A38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002A38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE@\CQ
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory allocated: 1440000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: E40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2920000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exe TID: 2668Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5372Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002A38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002A38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe@\cq
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeAPI call chain: ExitProcess graph end nodegraph_0-60918
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E13948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6E13948B
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E0EB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6E0EB6C0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E13B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E13B144
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 456000Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 46C000Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6A6008Jump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002B29000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetProgmanWindow
                    Source: MSBuild.exe, 00000002.00000002.2049131421.0000000002B29000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E1384B0 cpuid 0_2_6E1384B0
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeQueries volume information: C:\Users\user\Desktop\t0R4HiIJp7.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeCode function: 0_2_6E13A25A GetSystemTimeAsFileTime,__aulldiv,0_2_6E13A25A
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: 0.2.t0R4HiIJp7.exe.4151bf0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2045256712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2051747011.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2042763306.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0.2.t0R4HiIJp7.exe.4151bf0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, type: UNPACKEDPE

                    Remote Access Functionality

                    Source: Yara match | File source: 0.2.t0R4HiIJp7.exe.4151bf0.3.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.t0R4HiIJp7.exe.4151bf0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000002.00000002.2045256712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2051747011.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2042763306.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\t0R4HiIJp7.exe | Code function: 0_2_6E0EA0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6E0EA0C0
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    Source | Detection | Scanner | Label
                    t0R4HiIJp7.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine
                    t0R4HiIJp7.exe | 68% | Virustotal |
                    t0R4HiIJp7.exe | 100% | Avira | TR/AVI.Agent.othcu
                    t0R4HiIJp7.exe | 100% | Joe Sandbox ML |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | ReversingLabs |
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | Virustotal |

                    No Antivirus matches

                    Source | Detection | Scanner | Label
                    fp2e7a.wpc.phicdn.net | 0% | Virustotal |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary | t0R4HiIJp7.exe | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    https://api.ip.sb/ip | MSBuild.exe, 00000002.00000002.2049131421.00000000029A5000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://login.microsoftonline.com/ | t0R4HiIJp7.exe | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0 | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    https://servicebus.azure.net/.default3signatureValidityDuration | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    https://api.amazon.com/messaging/registrations/ | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    https://discord.com/api/v9/users/ | MSBuild.exe, 00000002.00000002.2049131421.0000000002A25000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://www.asp.net0 | t0R4HiIJp7.exe | false | Avira URL Cloud: safe | unknown
                    http://169.254.169.254/metadata/identity/oauth2/tokenO | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    https://api.ip.s | MSBuild.exe, 00000002.00000002.2049131421.00000000029A5000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://channel.api.duapp.com/rest/2.0/channel/channel | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | t0R4HiIJp7.exe | false | URL Reputation: safe | unknown
                    http://schemas.datacontract.org/2004/07/System.ServiceModel | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    https://api.amazon.com/auth/O2/token | t0R4HiIJp7.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    No contacted IP infos
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1446353
                    Start date and time:2024-05-23 10:36:08 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 15s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:t0R4HiIJp7.exe
                    renamed because original name is a hash value
                    Original Sample Name:1C6EFBBCC3896BE536D965EC4489AB07.exe
                    Detection:MAL
                    Classification:mal100.troj.evad.winEXE@4/3@0/0
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 210
                    • Number of non-executed functions: 207
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 23.43.61.160, 40.127.169.103, 2.19.126.163, 2.19.126.139, 192.229.221.95, 20.166.126.56, 52.165.164.15
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    04:36:57 | API Interceptor | 1x Sleep call for process: t0R4HiIJp7.exe modified
                    No context
                    No context
                    No context
                    Match | Associated Sample Name / URL | Detection | Threat Name
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | file.exe | malicious | PureLog Stealer, zgRAT
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | file.exe | malicious | PureLog Stealer, zgRAT
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 3108_FreeDownloadFiles.zip | malicious | PureLog Stealer, Vidar
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | file.exe | malicious | PureLog Stealer, zgRAT
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | dehdsDiT1p.exe | malicious | LummaC, PureLog Stealer, Xmrig, zgRAT
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | SecuriteInfo.com.Trojan.Siggen28.47309.32751.2518.exe | malicious | CryptOne, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc, Vidar
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | file.exe | malicious | PureLog Stealer, zgRAT
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 40UAEu1Kpt.exe | malicious | LummaC, CryptOne, GCleaner, Glupteba, Mars Stealer, PrivateLoader, PureLog Stealer
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | file.exe | malicious | PrivateLoader, PureLog Stealer, Vidar, zgRAT
                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | xY4kNfupZh.exe | malicious | PureLog Stealer, zgRAT
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1119
                                        Entropy (8bit):5.345080863654519
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
                                        MD5:88593431AEF401417595E7A00FE86E5F
                                        SHA1:1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
                                        SHA-256:ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
                                        SHA-512:1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                        Process:C:\Users\user\Desktop\t0R4HiIJp7.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):522
                                        Entropy (8bit):5.358731107079437
                                        Encrypted:false
                                        SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                        MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                        SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                        SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                        SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                        Process:C:\Users\user\Desktop\t0R4HiIJp7.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):760320
                                        Entropy (8bit):6.561572491684602
                                        Encrypted:false
                                        SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                        MD5:544CD51A596619B78E9B54B70088307D
                                        SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                        SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                        SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%
                                        Joe Sandbox View:
                                        • Filename: file.exe, Detection: malicious
                                        • Filename: file.exe, Detection: malicious
                                        • Filename: 3108_FreeDownloadFiles.zip, Detection: malicious
                                        • Filename: file.exe, Detection: malicious
                                        • Filename: dehdsDiT1p.exe, Detection: malicious
                                        • Filename: SecuriteInfo.com.Trojan.Siggen28.47309.32751.2518.exe, Detection: malicious
                                        • Filename: file.exe, Detection: malicious
                                        • Filename: 40UAEu1Kpt.exe, Detection: malicious
                                        • Filename: file.exe, Detection: malicious
                                        • Filename: xY4kNfupZh.exe, Detection: malicious
                                        Reputation:moderate, very likely benign file
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.0377692925114586
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:t0R4HiIJp7.exe
                                        File size:5'420'032 bytes
                                        MD5:1c6efbbcc3896be536d965ec4489ab07
                                        SHA1:d000ea237e58038009792cb2d824bf168c2e90f9
                                        SHA256:097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3
                                        SHA512:4e7b58642eede654efe1b58fb07b354cb129bb893b18eb5ae653642bb0ba71ee1ac8410a22e362aaa6e6932c62872e4ae31ec3bc0ec7ea3dcabe2d217079d63e
                                        SSDEEP:49152:dUDOYQm0t7kEbyP/YehYD+nqBEhmvkg1rppN/geUUZBfriXyY7pMS14M:dGOYQF4OEcTVpaeFLMl
                                        TLSH:A2469D01F7E58912D15A2B33E5FA142043B7EC867712F70F32DB22691D937EE8C4A696
                                        Icon Hash:0373dbb373b188e3
                                        Entrypoint:0x90771e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x9B699D56 [Fri Aug 16 03:00:38 2052 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]

                                        | Name | Virtual Address | Virtual Size | Is in Section |
                                        |---|---|---|---|
                                        | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5076d0 | 0x4b | .text |
                                        | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x508000 | 0x256a4 | .rsrc |
                                        | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x52e000 | 0xc | .reloc |
                                        | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
                                        | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
                                        | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |

                                        | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                                        |---|---|---|---|---|---|---|---|---|---|
                                        | .text | 0x2000 | 0x505724 | 0x505800 | 7383209a7b1d56d4484dfa4db2a40a04 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
                                        | .rsrc | 0x508000 | 0x256a4 | 0x25800 | 5c5ec6bc9a39c7e1c863f00b24001c6b | False | 0.6663606770833334 | data | 6.659245798915722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
                                        | .reloc | 0x52e000 | 0xc | 0x200 | 1e7e763dc003e41e7fa4334509382600 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

                                        | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
                                        |---|---|---|---|---|---|---|
                                        | RT_ICON | 0x5081c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.6941489361702128 |
                                        | RT_ICON | 0x508628 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.4521784232365145 |
                                        | RT_ICON | 0x50abd0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.34036732520998464 |
                                        | RT_ICON | 0x51b3f8 | 0x11c91 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9993548298535326 |
                                        | RT_GROUP_ICON | 0x52d08c | 0x3e | data | | | 0.8225806451612904 |
                                        | RT_VERSION | 0x52d0cc | 0x3ec | data | | | 0.3655378486055777 |
                                        | RT_MANIFEST | 0x52d4b8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

                                        | DLL | Import |
                                        |---|---|
                                        | mscoree.dll | _CorExeMain |

                                        | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                        |---|---|---|---|---|
                                        | May 23, 2024 10:36:56.027861118 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
                                        | May 23, 2024 10:36:56.043430090 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
                                        | May 23, 2024 10:36:56.168428898 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
                                        | May 23, 2024 10:37:05.637152910 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
                                        | May 23, 2024 10:37:05.652759075 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
                                        | May 23, 2024 10:37:05.777842999 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
                                        | May 23, 2024 10:37:07.468108892 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
                                        | May 23, 2024 10:37:07.468236923 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |

                                        | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
                                        |---|---|---|---|---|---|---|---|---|---|---|
                                        | May 23, 2024 10:37:17.568769932 CEST | 1.1.1.1 | 192.168.2.5 | 0x9695 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
                                        | May 23, 2024 10:37:17.568769932 CEST | 1.1.1.1 | 192.168.2.5 | 0x9695 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
                                        | May 23, 2024 10:37:31.236848116 CEST | 1.1.1.1 | 192.168.2.5 | 0xc6e5 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
                                        | May 23, 2024 10:37:31.236848116 CEST | 1.1.1.1 | 192.168.2.5 | 0xc6e5 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |

                                        Target ID:0
                                        Start time:04:36:57
                                        Start date:23/05/2024
                                        Path:C:\Users\user\Desktop\t0R4HiIJp7.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\t0R4HiIJp7.exe"
                                        Imagebase:0x5b0000
                                        File size:5'420'032 bytes
                                        MD5 hash:1C6EFBBCC3896BE536D965EC4489AB07
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2051747011.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2042763306.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2042763306.000000000413B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:04:36:58
                                        Start date:23/05/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                                        Imagebase:0x5a0000
                                        File size:262'432 bytes
                                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.2045256712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:3
                                        Start time:04:36:58
                                        Start date:23/05/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff6d64d0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                          Execution Graph

                                          Execution Coverage:8.3%
                                          Dynamic/Decrypted Code Coverage:9.1%
                                          Signature Coverage:8.6%
                                          Total number of Nodes:1331
                                          Total number of Limit Nodes:54
61351->61446 61353->61360 61399 6e0f49b0 VariantInit VariantInit VariantInit SafeArrayCreateVector 61353->61399 61356 6e0fbb2c 61356->61360 61411 6e0fcd20 VariantInit VariantInit VariantInit SafeArrayCreateVector 61356->61411 61358 6e0fbb49 61358->61360 61423 6e0f4170 VariantInit VariantInit SafeArrayCreateVector 61358->61423 61360->61325 61360->61332 61361 6e0fbb85 61361->61360 61363 6e0fbca2 61361->61363 61434 6e0ec4a0 VariantInit VariantCopy 61361->61434 61365 6e0ec4a0 2 API calls 61363->61365 61370 6e0fbd78 61363->61370 61364 6e0fbbdb VariantInit VariantInit SafeArrayCreateVector SafeArrayPutElement VariantClear 61436 6e0fdb10 SafeArrayCreateVector SafeArrayPutElement 61364->61436 61367 6e0fbcdd VariantInit VariantInit SafeArrayCreateVector SafeArrayPutElement VariantClear 61365->61367 61373 6e0fdb10 3 API calls 61367->61373 61370->61360 61375 6e139bb5 77 API calls 61370->61375 61374 6e0fbd5d VariantClear VariantClear 61373->61374 61374->61370 61376 6e0fbdf7 61375->61376 61377 6e0ec4a0 2 API calls 61376->61377 61378 6e0fbe10 61376->61378 61377->61378 61378->61360 61379 6e139bb5 77 API calls 61378->61379 61380 6e0fbe59 61379->61380 61380->61360 61381 6e0ec4a0 2 API calls 61380->61381 61381->61360 61383 6e0fbf6c 61382->61383 61447 6e0fc150 SafeArrayCreateVector 61383->61447 61386 6e0fc150 6 API calls 61387 6e0fbfdd 61386->61387 61398 6e0fc096 61387->61398 61457 6e0fdc40 61387->61457 61389 6e0fc10e VariantClear VariantClear VariantClear VariantClear 61390 6e13948b __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 61389->61390 61391 6e0fbaca 61390->61391 61391->61351 61391->61360 61445 6e0f47d0 107 API calls 61391->61445 61393 6e0fc00c 61472 6e0f44c0 VariantInit VariantInit SafeArrayCreateVector 61393->61472 61395 6e0fc044 VariantInit VariantCopy 61396 6e0fc05e 61395->61396 61397 6e0fc07c VariantInit VariantCopy 61396->61397 61396->61398 61397->61398 61398->61389 61400 6e0f4a28 61399->61400 61401 6e0f4a30 
SafeArrayPutElement VariantClear 61399->61401 61400->61401 61404 6e0f4a53 61401->61404 61410 6e0f4b52 61401->61410 61402 6e0f4b6c VariantClear VariantClear VariantClear 61402->61356 61403 6e0f4b65 SafeArrayDestroy 61403->61402 61404->61410 61486 6e0edb30 VariantInit SafeArrayCreateVector SafeArrayPutElement 61404->61486 61406 6e0f4b39 61406->61410 61490 6e0f56b0 61406->61490 61410->61402 61410->61403 61412 6e0fcd99 61411->61412 61413 6e0fcda1 SafeArrayPutElement VariantClear 61411->61413 61412->61413 61414 6e0fd292 61413->61414 61417 6e0fcdc6 61413->61417 61415 6e0fd2ab VariantClear VariantClear VariantClear 61414->61415 61416 6e0fd2a4 SafeArrayDestroy 61414->61416 61415->61358 61416->61415 61417->61414 61418 6e0edb30 5 API calls 61417->61418 61419 6e0fd279 61418->61419 61419->61414 61420 6e0f56b0 83 API calls 61419->61420 61421 6e0fd288 61420->61421 61422 6e0f6880 9 API calls 61421->61422 61422->61414 61424 6e0f41ec SafeArrayPutElement VariantClear 61423->61424 61425 6e0f41e4 61423->61425 61429 6e0f420f 61424->61429 61432 6e0f4460 61424->61432 61425->61424 61426 6e0f446c SafeArrayDestroy 61427 6e0f4473 VariantClear VariantClear 61426->61427 61428 6e0f4493 61427->61428 61428->61361 61430 6e0f4455 61429->61430 61429->61432 61508 6e13919e 67 API calls 3 library calls 61429->61508 61505 6e0fddb0 61430->61505 61432->61426 61432->61427 61435 6e0ec4b9 61434->61435 61435->61364 61437 6e0fdb4f 61436->61437 61438 6e0fbc60 VariantClear VariantClear 61437->61438 61439 6e0fdba1 SafeArrayDestroy 61437->61439 61438->61363 61439->61438 61440->61339 61441->61343 61442->61338 61443->61341 61444->61343 61445->61351 61446->61353 61448 6e0fc1d9 61447->61448 61449 6e0fc191 61447->61449 61451 6e0fc239 61448->61451 61454 6e0fc20c VariantCopy 61448->61454 61449->61448 61450 6e0fc1af SafeArrayPutElement VariantClear 61449->61450 61450->61449 61450->61451 61452 6e0fc23d SafeArrayDestroy 61451->61452 61453 6e0fbfb9 61451->61453 61452->61453 61453->61386 61453->61398 61455 6e0fc22b 
VariantClear 61454->61455 61456 6e0fc225 61454->61456 61455->61451 61456->61455 61458 6e0fdc4d 61457->61458 61459 6e139bb5 77 API calls 61458->61459 61460 6e0fdc85 61459->61460 61461 6e0fdc8c 61460->61461 61462 6e139533 std::exception::exception 66 API calls 61460->61462 61461->61393 61463 6e0fdcca 61462->61463 61464 6e13ac75 __CxxThrowException@8 RaiseException 61463->61464 61465 6e0fdcdf 61464->61465 61466 6e0fdd23 61465->61466 61467 6e139bb5 77 API calls 61465->61467 61466->61393 61468 6e0fdcf8 61467->61468 61468->61466 61469 6e139533 std::exception::exception 66 API calls 61468->61469 61470 6e0fdd0e 61469->61470 61471 6e13ac75 __CxxThrowException@8 RaiseException 61470->61471 61471->61466 61473 6e0f453a 61472->61473 61474 6e0f4542 SafeArrayPutElement VariantClear 61472->61474 61473->61474 61475 6e0f456a SafeArrayCreateVector SafeArrayPutElement 61474->61475 61484 6e0f476c 61474->61484 61478 6e0f459e SafeArrayPutElement 61475->61478 61475->61484 61476 6e0f477d VariantClear VariantClear 61479 6e0f479d 61476->61479 61477 6e0f4776 SafeArrayDestroy 61477->61476 61480 6e0f45bf SafeArrayPutElement 61478->61480 61478->61484 61479->61395 61479->61398 61482 6e0f45d8 61480->61482 61480->61484 61481 6e0f475f 61485 6e0fde60 95 API calls 61481->61485 61482->61481 61483 6e13919e std::tr1::_Xweak 67 API calls 61482->61483 61482->61484 61483->61481 61484->61476 61484->61477 61485->61484 61487 6e0edb8c 61486->61487 61488 6e0edbf7 VariantClear 61487->61488 61489 6e0edbf0 SafeArrayDestroy 61487->61489 61488->61406 61489->61488 61491 6e0f56e0 61490->61491 61493 6e0f56f4 61490->61493 61491->61493 61494 6e0f57c0 81 API calls 61491->61494 61492 6e0f57c0 81 API calls 61492->61493 61493->61492 61495 6e0f570d VariantInit VariantCopy 61493->61495 61496 6e0f4b48 61493->61496 61494->61493 61495->61493 61495->61496 61497 6e0f6880 VariantInit VariantInit 61496->61497 61498 6e1391e1 61497->61498 61499 6e0f68cd SafeArrayCreateVector SafeArrayPutElement VariantClear 61498->61499 61500 6e0f6913 
SafeArrayPutElement 61499->61500 61503 6e0f692d 61499->61503 61500->61503 61501 6e0f6987 61504 6e0f6994 VariantClear VariantClear 61501->61504 61502 6e0f6980 SafeArrayDestroy 61502->61501 61503->61501 61503->61502 61504->61410 61506 6e0f66a0 107 API calls 61505->61506 61507 6e0fddd5 61506->61507 61507->61432 61508->61430 61510 6e139bb5 77 API calls 61509->61510 61511 6e0e632b 61510->61511 61512 6e139bb5 77 API calls 61511->61512 61513 6e0e6350 61512->61513 61514 6e0e5050 77 API calls 61513->61514 61515 6e0e636e 61514->61515 61516 6e139bb5 77 API calls 61515->61516 61517 6e0e6375 61516->61517 61518 6e0e5050 77 API calls 61517->61518 61519 6e0e6392 61518->61519 61520 6e139bb5 77 API calls 61519->61520 61521 6e0e6399 61520->61521 61522 6e0e5050 77 API calls 61521->61522 61523 6e0e63b3 61522->61523 61524 6e139bb5 77 API calls 61523->61524 61525 6e0e63c9 61524->61525 61526 6e0e6459 61525->61526 61527 6e0e63d4 61525->61527 61534 6e139533 66 API calls std::exception::_Copy_str 61526->61534 61529 6e0e16b0 327 API calls 61527->61529 61533 6e0e6402 ctype 61529->61533 61530 6e0e646b 61535 6e13ac75 RaiseException 61530->61535 61532 6e0e6482 61533->61080 61534->61530 61535->61532 61537 6e139bb5 77 API calls 61536->61537 61538 6e0e6003 61537->61538 61539 6e139bb5 77 API calls 61538->61539 61540 6e0e6028 61539->61540 61541 6e0e5050 77 API calls 61540->61541 61542 6e0e6042 61541->61542 61543 6e139bb5 77 API calls 61542->61543 61544 6e0e6049 61543->61544 61545 6e0e5050 77 API calls 61544->61545 61546 6e0e6067 61545->61546 61547 6e139bb5 77 API calls 61546->61547 61548 6e0e606e 61547->61548 61549 6e0e5050 77 API calls 61548->61549 61550 6e0e608b 61549->61550 61551 6e139bb5 77 API calls 61550->61551 61552 6e0e6092 61551->61552 61553 6e0e5050 77 API calls 61552->61553 61554 6e0e60ac 61553->61554 61555 6e0e16b0 327 API calls 61554->61555 61556 6e0e60de ctype 61555->61556 61556->61085 61558 6e0e912c EnterCriticalSection 61557->61558 61559 6e0e9121 61557->61559 61560 6e0e9150 
61558->61560 61559->61089 61561 6e0e915b LeaveCriticalSection 61560->61561 61562 6e0e916a EnterCriticalSection 61561->61562 61567 6e0e923f 61561->61567 61563 6e0e9185 61562->61563 61564 6e0e9190 LeaveCriticalSection 61563->61564 61565 6e0e91a1 61564->61565 61564->61567 61573 6e0f6b10 61565->61573 61567->61089 61577 6e0f6b64 61573->61577 61574 6e0f6f19 InterlockedCompareExchange 61576 6e0e91f3 61574->61576 61576->61567 61644 6e0e9840 61576->61644 61577->61574 61659 6e102e20 61577->61659 61579 6e0f6f12 SafeArrayDestroy 61579->61574 61580 6e0f6bc2 61580->61574 61643 6e0f6edd 61580->61643 61663 6e1028c0 InterlockedCompareExchange 61580->61663 61582 6e0f6c6b 61582->61574 61583 6e0f6c7e SafeArrayGetLBound 61582->61583 61582->61643 61584 6e0f6c99 SafeArrayGetUBound 61583->61584 61583->61643 61585 6e0f6cb4 SafeArrayAccessData 61584->61585 61584->61643 61586 6e0f6cd5 61585->61586 61585->61643 61664 6e0f5760 67 API calls std::tr1::_Xweak 61586->61664 61588 6e0f6cf5 SafeArrayUnaccessData 61589 6e0f6d07 61588->61589 61588->61643 61589->61643 61665 6e0e1690 77 API calls 61589->61665 61591 6e0f6d2c 61592 6e139bb5 77 API calls 61591->61592 61593 6e0f6d3f 61592->61593 61594 6e0e5050 77 API calls 61593->61594 61595 6e0f6d59 61594->61595 61596 6e139bb5 77 API calls 61595->61596 61597 6e0f6d63 61596->61597 61598 6e0e5050 77 API calls 61597->61598 61599 6e0f6d7f 61598->61599 61600 6e139bb5 77 API calls 61599->61600 61601 6e0f6d86 61600->61601 61602 6e0e5050 77 API calls 61601->61602 61603 6e0f6da0 61602->61603 61666 6e0e50c0 77 API calls 61603->61666 61605 6e0f6dab 61606 6e139bb5 77 API calls 61605->61606 61607 6e0f6db2 61606->61607 61608 6e0e5050 77 API calls 61607->61608 61609 6e0f6dcf 61608->61609 61667 6e0e50c0 77 API calls 61609->61667 61611 6e0f6dda 61612 6e139bb5 77 API calls 61611->61612 61613 6e0f6de7 61612->61613 61614 6e0e5050 77 API calls 61613->61614 61615 6e0f6e01 61614->61615 61668 6e0e50c0 77 API calls 61615->61668 61617 6e0f6e0c 61618 6e139bb5 77 API calls 
61617->61618 61619 6e0f6e19 61618->61619 61620 6e0e5050 77 API calls 61619->61620 61621 6e0f6e33 61620->61621 61622 6e139bb5 77 API calls 61621->61622 61623 6e0f6e3a 61622->61623 61624 6e0e5050 77 API calls 61623->61624 61625 6e0f6e58 61624->61625 61626 6e139bb5 77 API calls 61625->61626 61627 6e0f6e5f 61626->61627 61628 6e0e5050 77 API calls 61627->61628 61629 6e0f6e79 61628->61629 61669 6e0e50c0 77 API calls 61629->61669 61631 6e0f6e84 61670 6e0e50c0 77 API calls 61631->61670 61633 6e0f6e8f 61634 6e139bb5 77 API calls 61633->61634 61635 6e0f6e9b 61634->61635 61636 6e0e5050 77 API calls 61635->61636 61637 6e0f6eb5 61636->61637 61671 6e0e50c0 77 API calls 61637->61671 61639 6e0f6ec0 61672 6e0e50c0 77 API calls 61639->61672 61641 6e0f6ecb 61673 6e0e2a40 327 API calls 61641->61673 61643->61574 61643->61579 61645 6e139bb5 77 API calls 61644->61645 61646 6e0e9865 61645->61646 61647 6e0e9227 61646->61647 61674 6e139533 66 API calls std::exception::_Copy_str 61646->61674 61652 6e0e7140 61647->61652 61649 6e0e98ab 61675 6e13ac75 RaiseException 61649->61675 61651 6e0e98c0 61676 6e102820 61652->61676 61654 6e0e71d7 61655 6e0e71f8 61654->61655 61682 6e139d2c 66 API calls 2 library calls 61654->61682 61655->61089 61656 6e0e719c 61656->61654 61681 6e13919e 67 API calls 3 library calls 61656->61681 61660 6e102e67 61659->61660 61661 6e102e7b 61659->61661 61660->61661 61662 6e102e9f InterlockedCompareExchange 61660->61662 61661->61580 61662->61580 61663->61582 61664->61588 61665->61591 61666->61605 61667->61611 61668->61617 61669->61631 61670->61633 61671->61639 61672->61641 61673->61643 61674->61649 61675->61651 61677 6e102845 61676->61677 61678 6e1028af 61677->61678 61679 6e139d66 _malloc 66 API calls 61677->61679 61678->61656 61680 6e102876 61679->61680 61680->61656 61681->61654 61682->61655 61683->60892 61684 6e13a510 61687 6e13fe93 61684->61687 61686 6e13a515 61688 6e13fec5 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 
61687->61688 61689 6e13feb8 61687->61689 61691 6e13ff04 61688->61691 61689->61688 61690 6e13febc 61689->61690 61690->61686 61691->61690 61692 2dfc2f8 61694 2dfc342 LoadLibraryW 61692->61694 61695 2dfc3a4 61694->61695 61762 6e0f9357 61763 6e0f9368 61762->61763 61899 6e0f69c0 61763->61899 61765 6e0fae68 61767 6e0fae7b 61765->61767 61768 6e0fae72 SafeArrayDestroy 61765->61768 61766 6e0fae62 SafeArrayDestroy 61766->61765 61770 6e0fae8e 61767->61770 61771 6e0fae85 SafeArrayDestroy 61767->61771 61768->61767 61769 6e0f93ac 61772 6e0f69c0 11 API calls 61769->61772 61820 6e0f8739 61769->61820 61773 6e0fae98 SafeArrayDestroy 61770->61773 61774 6e0faea1 61770->61774 61771->61770 61781 6e0f943a 61772->61781 61773->61774 61775 6e0faeab SafeArrayDestroy 61774->61775 61776 6e0faeb4 61774->61776 61775->61776 61777 6e0faebe SafeArrayDestroy 61776->61777 61778 6e0faec7 61776->61778 61777->61778 61779 6e13948b __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 61778->61779 61780 6e0faef5 61779->61780 61782 6e0f94b1 SafeArrayGetLBound SafeArrayGetUBound 61781->61782 61781->61820 61783 6e0f9658 61782->61783 61789 6e0f94ef 61782->61789 61784 6e0ed920 3 API calls 61783->61784 61790 6e0f968f 61784->61790 61785 6e0f94fd SafeArrayGetElement 61785->61789 61785->61820 61786 6e0f840e 61786->61820 61947 6e0edfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 61786->61947 61788 6e0f8441 61791 6e0f84af SafeArrayGetLBound SafeArrayGetUBound 61788->61791 61788->61820 61789->61783 61789->61785 61789->61786 61789->61820 61798 6e0f9794 SafeArrayGetLBound SafeArrayGetUBound 61790->61798 61790->61820 61792 6e0f84ed SafeArrayGetElement 61791->61792 61793 6e0f8616 61791->61793 61806 6e0f8518 61792->61806 61792->61820 61948 6e0edfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 61793->61948 61795 6e0f862b 61795->61820 61949 6e0edfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 61795->61949 61797 6e0f864b 61797->61820 
61950 6e0edfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 61797->61950 61809 6e0f9c5e 61798->61809 61821 6e0f97d2 61798->61821 61800 6e0f3a90 8 API calls 61800->61806 61801 6e0f866b 61801->61820 61951 6e0edfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 61801->61951 61802 6e0f97e3 SafeArrayGetElement 61802->61820 61802->61821 61804 6e0ed920 3 API calls 61812 6e0f9cf8 61804->61812 61805 6e0f868a 61805->61820 61952 6e0edfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 61805->61952 61806->61792 61806->61793 61806->61800 61808 6e0f86aa 61810 6e0f69c0 11 API calls 61808->61810 61808->61820 61809->61804 61811 6e0f86cf 61810->61811 61813 6e0f69c0 11 API calls 61811->61813 61811->61820 61814 6e0f9d4f SafeArrayGetLBound SafeArrayGetUBound 61812->61814 61812->61820 61815 6e0f86f5 61813->61815 61816 6e0f9ec7 61814->61816 61822 6e0f9d8d 61814->61822 61819 6e0f69c0 11 API calls 61815->61819 61815->61820 61818 6e0ed920 3 API calls 61816->61818 61817 6e0f9da0 SafeArrayGetElement 61817->61820 61817->61822 61823 6e0f9f09 61818->61823 61819->61820 61820->61765 61820->61766 61821->61786 61821->61802 61821->61809 61829 6e0f3a90 8 API calls 61821->61829 61822->61816 61822->61817 61825 6e0f3a90 8 API calls 61822->61825 61823->61820 61824 6e0ed920 3 API calls 61823->61824 61826 6e0f9f8b 61824->61826 61825->61822 61826->61820 61827 6e0ed920 3 API calls 61826->61827 61828 6e0fa01f 61827->61828 61828->61820 61830 6e0ed920 3 API calls 61828->61830 61829->61821 61831 6e0fa09b 61830->61831 61831->61820 61832 6e0fa1ac SafeArrayGetLBound SafeArrayGetUBound 61831->61832 61833 6e0fa7b3 61832->61833 61847 6e0fa1ea 61832->61847 61834 6e0ed920 3 API calls 61833->61834 61835 6e0fa7ce 61834->61835 61835->61820 61837 6e0ed920 3 API calls 61835->61837 61836 6e0fa1fd SafeArrayGetElement 61838 6e0fa815 61836->61838 61836->61847 61837->61838 61838->61820 61906 6e0f64d0 VariantInit VariantInit VariantInit SafeArrayCreateVector 61838->61906 61840 6e0fa91d 61840->61820 
61841 6e0f64d0 109 API calls 61840->61841 61842 6e0fa950 61841->61842 61842->61820 61843 6e0f64d0 109 API calls 61842->61843 61844 6e0fa983 61843->61844 61844->61820 61845 6e0f64d0 109 API calls 61844->61845 61846 6e0fa9b6 61845->61846 61846->61820 61848 6e0f64d0 109 API calls 61846->61848 61847->61833 61847->61836 61851 6e0f3a90 8 API calls 61847->61851 61849 6e0fa9e9 61848->61849 61849->61820 61850 6e0f64d0 109 API calls 61849->61850 61852 6e0faa1c 61850->61852 61851->61847 61852->61820 61853 6e0f64d0 109 API calls 61852->61853 61854 6e0faa4f 61853->61854 61854->61820 61855 6e0f64d0 109 API calls 61854->61855 61856 6e0faa82 61855->61856 61856->61820 61857 6e0f64d0 109 API calls 61856->61857 61858 6e0faab5 61857->61858 61858->61820 61859 6e0f64d0 109 API calls 61858->61859 61860 6e0faae8 61859->61860 61860->61820 61861 6e0f64d0 109 API calls 61860->61861 61862 6e0fab1e 61861->61862 61862->61820 61863 6e0fabd0 61862->61863 61866 6e0fac5a 61862->61866 61920 6e0f2970 61863->61920 61953 6e0fd790 77 API calls 3 library calls 61866->61953 61869 6e0fac37 61869->61820 61954 6e0e1690 77 API calls 61869->61954 61871 6e0fad36 61955 6e0e50c0 77 API calls 61871->61955 61873 6e0fad4d 61874 6e139bb5 77 API calls 61873->61874 61875 6e0fad5d 61874->61875 61876 6e0e5050 77 API calls 61875->61876 61877 6e0fad77 61876->61877 61956 6e0e50c0 77 API calls 61877->61956 61879 6e0fad82 61880 6e139bb5 77 API calls 61879->61880 61881 6e0fad89 61880->61881 61882 6e0e5050 77 API calls 61881->61882 61883 6e0fada7 61882->61883 61884 6e139bb5 77 API calls 61883->61884 61885 6e0fadae 61884->61885 61886 6e0e5050 77 API calls 61885->61886 61887 6e0fadcc 61886->61887 61957 6e0e50c0 77 API calls 61887->61957 61889 6e0fadd7 61890 6e139bb5 77 API calls 61889->61890 61891 6e0fade1 61890->61891 61892 6e0e5050 77 API calls 61891->61892 61893 6e0fadfb 61892->61893 61958 6e0e50c0 77 API calls 61893->61958 61895 6e0fae06 61959 6e0e50c0 77 API calls 61895->61959 61897 6e0fae11 61960 6e0e2a40 327 API calls 
61897->61960 61900 6e0f69f3 61899->61900 61901 6e0f6a01 SafeArrayGetLBound SafeArrayGetUBound 61899->61901 61900->61901 61903 6e0f6a2a 61901->61903 61905 6e0f6a92 61901->61905 61902 6e0f6a30 SafeArrayGetElement 61902->61903 61902->61905 61903->61902 61903->61905 61961 6e0f3990 8 API calls 61903->61961 61905->61769 61907 6e0f655c SafeArrayPutElement VariantClear 61906->61907 61908 6e0f6554 61906->61908 61909 6e0f6584 SafeArrayPutElement VariantClear 61907->61909 61919 6e0f6655 61907->61919 61908->61907 61913 6e0f65cd 61909->61913 61909->61919 61911 6e0f666c VariantClear VariantClear VariantClear 61911->61840 61912 6e0f6665 SafeArrayDestroy 61912->61911 61914 6e0edb30 5 API calls 61913->61914 61913->61919 61915 6e0f663a 61914->61915 61916 6e0f56b0 83 API calls 61915->61916 61915->61919 61917 6e0f664a 61916->61917 61918 6e0f6880 9 API calls 61917->61918 61918->61919 61919->61911 61919->61912 61932 6e0f29c3 61920->61932 61921 6e0f29ee SafeArrayGetLBound SafeArrayGetUBound 61924 6e0f2a20 SafeArrayGetElement 61921->61924 61928 6e0f2c53 61921->61928 61922 6e0f2d21 61922->61820 61934 6e0fd2e0 61922->61934 61923 6e0f2d1a SafeArrayDestroy 61923->61922 61924->61928 61924->61932 61925 6e0f2ab6 VariantInit 61925->61932 61926 6e0f2c8b VariantClear VariantClear 61926->61928 61927 6e0f2b3a VariantInit 61927->61932 61928->61922 61928->61923 61929 6e0f2d3a VariantClear VariantClear VariantClear 61929->61928 61930 6e0f2bf9 VariantClear VariantClear VariantClear 61930->61932 61931 6e0f2cb6 VariantClear VariantClear VariantClear 61931->61928 61932->61921 61932->61922 61932->61924 61932->61925 61932->61926 61932->61927 61932->61928 61932->61929 61932->61930 61932->61931 61935 6e139bb5 77 API calls 61934->61935 61936 6e0fd32f 61935->61936 61937 6e0fd33e 61936->61937 61938 6e0fd3db 61936->61938 61962 6e0fc530 VariantInit VariantInit SafeArrayCreateVector 61937->61962 61973 6e139533 66 API calls std::exception::_Copy_str 61938->61973 61940 6e0fd3ed 61974 6e13ac75 RaiseException 
61940->61974 61942 6e0fd404 61945 6e13948b __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 61946 6e0fd3d5 61945->61946 61946->61869 61947->61788 61948->61795 61949->61797 61950->61801 61951->61805 61952->61808 61953->61869 61954->61871 61955->61873 61956->61879 61957->61889 61958->61895 61959->61897 61960->61820 61961->61903 61963 6e0fc5ac SafeArrayPutElement VariantClear 61962->61963 61964 6e0fc5a4 61962->61964 61965 6e0fc7e4 61963->61965 61969 6e0fc5cf 61963->61969 61964->61963 61966 6e0fc7f7 VariantClear VariantClear 61965->61966 61967 6e0fc7f0 SafeArrayDestroy 61965->61967 61968 6e0fc817 61966->61968 61967->61966 61968->61945 61969->61965 61970 6e0fc7d9 61969->61970 61978 6e13919e 67 API calls 3 library calls 61969->61978 61975 6e0fdf70 61970->61975 61973->61940 61974->61942 61979 6e0fd410 61975->61979 61977 6e0fdf80 61977->61965 61978->61970 61980 6e0fd44e 61979->61980 61981 6e0fd472 VariantInit VariantInit VariantInit 61979->61981 61980->61977 61993 6e0fd470 _memmove 61981->61993 61982 6e0fd704 VariantClear VariantClear VariantClear 61983 6e0fd75d 61982->61983 61982->61993 61983->61977 61984 6e139d66 _malloc 66 API calls 61984->61993 61985 6e0fd579 SafeArrayCreateVector SafeArrayCreateVector SafeArrayAccessData 61985->61993 61986 6e0fd5ec SafeArrayPutElement 61986->61993 61987 6e0fd5d6 SafeArrayUnaccessData 61987->61986 61988 6e0fd633 SafeArrayPutElement VariantClear 61988->61993 61990 6e0fd6fa SafeArrayDestroy 61990->61993 61991 6e0edb30 5 API calls 61991->61993 61992 6e0f56b0 83 API calls 61992->61993 61993->61981 61993->61982 61993->61983 61993->61984 61993->61985 61993->61986 61993->61987 61993->61988 61993->61990 61993->61991 61993->61992 61994 6e0f6880 9 API calls 61993->61994 61995 6e139d2c 66 API calls 2 library calls 61993->61995 61994->61993 61995->61993 61996 5ba56c0 61997 5ba56e3 61996->61997 62005 54a1568 61997->62005 62010 54a0eb3 61997->62010 62015 54a0f14 61997->62015 61998 5ba56fb 62020 
54a26f8 61998->62020 62049 54a26dc 61998->62049 61999 5ba573d 62006 54a15b6 62005->62006 62007 54a19c1 62006->62007 62078 5ba5759 62006->62078 62082 5ba5760 62006->62082 62007->61998 62012 54a0eb8 62010->62012 62011 54a19c1 62011->61998 62012->62011 62013 5ba5759 327 API calls 62012->62013 62014 5ba5760 327 API calls 62012->62014 62013->62011 62014->62011 62017 54a0f15 62015->62017 62016 54a19c1 62016->61998 62017->62016 62018 5ba5759 327 API calls 62017->62018 62019 5ba5760 327 API calls 62017->62019 62018->62016 62019->62016 62021 54a272b 62020->62021 62129 5ba5ef0 62021->62129 62133 5ba5ee4 62021->62133 62022 54a28de 62030 54a29cb 62022->62030 62037 5ba63ea Wow64SetThreadContext 62022->62037 62038 5ba63f0 Wow64SetThreadContext 62022->62038 62023 54a2a0c 62041 5ba64e8 VirtualAllocEx 62023->62041 62042 5ba64f0 VirtualAllocEx 62023->62042 62024 54a2a45 62024->62030 62031 5ba660a WriteProcessMemory 62024->62031 62032 5ba6610 WriteProcessMemory 62024->62032 62025 54a2cbb 62026 54a2d0f 62025->62026 62047 5ba63ea Wow64SetThreadContext 62025->62047 62048 5ba63f0 Wow64SetThreadContext 62025->62048 62043 5ba660a WriteProcessMemory 62026->62043 62044 5ba6610 WriteProcessMemory 62026->62044 62027 54a2b54 62027->62025 62045 5ba660a WriteProcessMemory 62027->62045 62046 5ba6610 WriteProcessMemory 62027->62046 62028 54a2da8 62029 54a2df3 62028->62029 62033 5ba63ea Wow64SetThreadContext 62028->62033 62034 5ba63f0 Wow64SetThreadContext 62028->62034 62035 5ba6768 ResumeThread 62029->62035 62036 5ba6760 ResumeThread 62029->62036 62030->61999 62031->62027 62032->62027 62033->62029 62034->62029 62035->62030 62036->62030 62037->62023 62038->62023 62041->62024 62042->62024 62043->62028 62044->62028 62045->62027 62046->62027 62047->62026 62048->62026 62050 54a272b 62049->62050 62070 5ba5ef0 CreateProcessA 62050->62070 62071 5ba5ee4 CreateProcessA 62050->62071 62051 54a28de 62053 54a29cb 62051->62053 62137 5ba63ea 62051->62137 62140 5ba63f0 62051->62140 62052 54a2a0c 62143 5ba64e8 
62052->62143 62146 5ba64f0 62052->62146 62053->61999 62054 54a2a45 62054->62053 62149 5ba6610 62054->62149 62153 5ba660a 62054->62153 62055 54a2cbb 62056 54a2d0f 62055->62056 62074 5ba63ea Wow64SetThreadContext 62055->62074 62075 5ba63f0 Wow64SetThreadContext 62055->62075 62072 5ba660a WriteProcessMemory 62056->62072 62073 5ba6610 WriteProcessMemory 62056->62073 62057 54a2da8 62059 54a2df3 62057->62059 62060 5ba63ea Wow64SetThreadContext 62057->62060 62061 5ba63f0 Wow64SetThreadContext 62057->62061 62058 54a2b54 62058->62055 62076 5ba660a WriteProcessMemory 62058->62076 62077 5ba6610 WriteProcessMemory 62058->62077 62157 5ba6760 62059->62157 62160 5ba6768 62059->62160 62060->62059 62061->62059 62070->62051 62071->62051 62072->62057 62073->62057 62074->62056 62075->62056 62076->62058 62077->62058 62079 5ba57cb 62078->62079 62086 6e103eb0 62079->62086 62080 5ba57f4 62080->62007 62083 5ba57cb 62082->62083 62085 6e103eb0 327 API calls 62083->62085 62084 5ba57f4 62084->62007 62085->62084 62087 6e139bb5 77 API calls 62086->62087 62088 6e103f11 62087->62088 62089 6e139bb5 77 API calls 62088->62089 62090 6e103f36 62089->62090 62091 6e0e5050 77 API calls 62090->62091 62092 6e103f50 62091->62092 62093 6e139bb5 77 API calls 62092->62093 62094 6e103f57 62093->62094 62095 6e0e5050 77 API calls 62094->62095 62096 6e103f71 62095->62096 62097 6e139bb5 77 API calls 62096->62097 62098 6e103f78 62097->62098 62099 6e0e5050 77 API calls 62098->62099 62100 6e103f92 62099->62100 62101 6e139bb5 77 API calls 62100->62101 62102 6e103fab 62101->62102 62103 6e104031 62102->62103 62104 6e103fb2 62102->62104 62127 6e139533 66 API calls std::exception::_Copy_str 62103->62127 62105 6e0e16b0 327 API calls 62104->62105 62112 6e103fdc ctype 62105->62112 62107 6e104047 62128 6e13ac75 RaiseException 62107->62128 62109 6e10405e 62110 6e139bb5 77 API calls 62109->62110 62111 6e1040b5 62110->62111 62113 6e139bb5 77 API calls 62111->62113 62112->62080 62114 6e1040d8 62113->62114 62115 6e0e5050 77 API 

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 720 6e0fb6b0-6e0fb758 VariantInit * 2 721 6e0fb75a-6e0fb75f call 6e14c1e0 720->721 722 6e0fb764-6e0fb769 720->722 721->722 724 6e0fb76b-6e0fb770 722->724 725 6e0fb773-6e0fb784 722->725 724->725 727 6e0fb78a-6e0fb791 725->727 728 6e0fbe96-6e0fbeb4 VariantClear * 2 725->728 731 6e0fb7b9-6e0fb7e2 SafeArrayCreateVector 727->731 732 6e0fb793-6e0fb798 727->732 729 6e0fbebe-6e0fbeca 728->729 730 6e0fbeb6-6e0fbebb 728->730 737 6e0fbecc-6e0fbed1 729->737 738 6e0fbed4-6e0fbef2 call 6e13948b 729->738 730->729 735 6e0fb7ec-6e0fb809 SafeArrayPutElement VariantClear 731->735 736 6e0fb7e4-6e0fb7e7 731->736 733 6e0fb79a-6e0fb79f 732->733 734 6e0fb7a2-6e0fb7b3 732->734 733->734 734->728 734->731 740 6e0fb80f-6e0fb81d 735->740 741 6e0fbe85-6e0fbe8d 735->741 736->735 737->738 744 6e0fb81f-6e0fb824 call 6e14c1e0 740->744 745 6e0fb829-6e0fb837 740->745 741->728 746 6e0fbe8f-6e0fbe90 SafeArrayDestroy 741->746 744->745 865 6e0fb83d call 119d149 745->865 866 6e0fb83d call 119d148 745->866 746->728 748 6e0fb83f-6e0fb841 748->741 749 6e0fb847-6e0fb853 748->749 749->741 750 6e0fb859-6e0fb85e 749->750 750->741 751 6e0fb864-6e0fb86b 750->751 752 6e0fb913-6e0fb917 751->752 753 6e0fb871-6e0fb87e 751->753 754 6e0fb919-6e0fb91b 752->754 755 6e0fb921-6e0fb941 call 6e0edcd0 752->755 756 6e0fb888-6e0fb8f8 call 6e0fdbc0 call 6e0f5790 call 6e0fc850 753->756 757 6e0fb880-6e0fb882 753->757 754->741 754->755 755->741 762 6e0fb947-6e0fb964 call 6e0edcd0 755->762 772 6e0fb8fa-6e0fb8ff call 6e0fe800 756->772 773 6e0fb904-6e0fb90e call 6e0fe800 756->773 757->741 757->756 762->741 768 6e0fb96a-6e0fb96d 762->768 770 6e0fb96f-6e0fb98d call 6e0edcd0 768->770 771 6e0fb993-6e0fb9bf 768->771 770->741 770->771 776 6e0fb9cb-6e0fba1d VariantClear 771->776 777 6e0fb9c1-6e0fb9c6 call 6e14c1e0 771->777 784 6e0fbe83 772->784 773->771 776->741 785 6e0fba23-6e0fba31 776->785 777->776 784->741 786 6e0fba3d-6e0fba8b 785->786 787 6e0fba33-6e0fba38 call 6e14c1e0 
785->787 786->741 790 6e0fba91-6e0fba95 786->790 787->786 790->741 791 6e0fba9b-6e0fbaa7 call 6e139bb5 790->791 794 6e0fbaa9-6e0fbab4 791->794 795 6e0fbab6 791->795 796 6e0fbab8-6e0fbacc call 6e0fbf00 794->796 795->796 796->741 799 6e0fbad2-6e0fbada 796->799 800 6e0fbadc-6e0fbaed call 6e0f47d0 799->800 801 6e0fbaf3-6e0fbaf8 799->801 800->741 800->801 803 6e0fbafa-6e0fbb0b call 6e0f47d0 801->803 804 6e0fbb11-6e0fbb2e call 6e0f49b0 801->804 803->741 803->804 804->741 810 6e0fbb34-6e0fbb4b call 6e0fcd20 804->810 810->741 813 6e0fbb51-6e0fbb8e call 6e0f5790 call 6e0f4170 810->813 818 6e0fbb9a-6e0fbba8 call 6e0fe800 813->818 819 6e0fbb90-6e0fbb95 call 6e0fe800 813->819 824 6e0fbbae-6e0fbbc0 818->824 825 6e0fbca2 818->825 819->784 824->825 827 6e0fbbc6-6e0fbc5b call 6e0ec4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6e0fdb10 824->827 826 6e0fbca8-6e0fbcae 825->826 828 6e0fbd78-6e0fbdc8 826->828 829 6e0fbcb4-6e0fbcc6 826->829 839 6e0fbc60-6e0fbc75 827->839 828->784 840 6e0fbdce-6e0fbdd7 828->840 829->828 831 6e0fbccc-6e0fbd76 call 6e0ec4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6e0fdb10 VariantClear * 2 829->831 831->828 842 6e0fbc77-6e0fbc8d 839->842 843 6e0fbc90-6e0fbca0 VariantClear * 2 839->843 840->784 844 6e0fbddd-6e0fbde4 840->844 842->843 843->826 844->784 846 6e0fbdea-6e0fbe03 call 6e139bb5 844->846 850 6e0fbe05-6e0fbe10 call 6e0ec4a0 846->850 851 6e0fbe12 846->851 853 6e0fbe14-6e0fbe3c 850->853 851->853 855 6e0fbe7f 853->855 856 6e0fbe3e-6e0fbe50 853->856 855->784 856->855 857 6e0fbe52-6e0fbe65 call 6e139bb5 856->857 860 6e0fbe67-6e0fbe6f call 6e0ec4a0 857->860 861 6e0fbe71 857->861 863 6e0fbe73-6e0fbe7c 860->863 861->863 863->855 865->748 866->748
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0FB73F
                                          • VariantInit.OLEAUT32(?), ref: 6E0FB748
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FB7BE
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0FB7F5
                                          • VariantClear.OLEAUT32(?), ref: 6E0FB801
                                            • Part of subcall function 6E0FC850: VariantInit.OLEAUT32(?), ref: 6E0FC88F
                                            • Part of subcall function 6E0FC850: VariantInit.OLEAUT32(?), ref: 6E0FC895
                                            • Part of subcall function 6E0FC850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FC8A0
                                            • Part of subcall function 6E0FC850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0FC8D5
                                            • Part of subcall function 6E0FC850: VariantClear.OLEAUT32(?), ref: 6E0FC8E1
                                          • VariantClear.OLEAUT32(?), ref: 6E0FBA15
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FBE90
                                          • VariantClear.OLEAUT32(?), ref: 6E0FBEA3
                                          • VariantClear.OLEAUT32(?), ref: 6E0FBEA9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                          • String ID:
                                          • API String ID: 2012514194-0
                                          • Opcode ID: 231846b2a7ac7484a9161d66511806f6fdd1f62b046ec8e0a31c4f78e0d470f2
                                          • Instruction ID: a9786fc42b367676c8a2fe39bd2791caa0b094c5d735ad010a40aedef826b241
                                          • Opcode Fuzzy Hash: 231846b2a7ac7484a9161d66511806f6fdd1f62b046ec8e0a31c4f78e0d470f2
                                          • Instruction Fuzzy Hash: 92525C71900219DFDB10DFA8C890BDEBBF5BF49300F148599E919AB349DB30A956CF90

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 867 54a0eb3-54a0ece 869 54a19bb-54a19bf 867->869 870 54a0ed4-54a0ee6 867->870 871 54a19d2-54a1a58 869->871 872 54a19c1-54a19cd 869->872 876 54a0ee8-54a0f0a 870->876 877 54a0f15-54a0f36 870->877 889 54a1a5a-54a1a66 871->889 890 54a1a82 871->890 873 54a1ee8-54a1ef5 872->873 876->877 881 54a0f3c-54a0f52 876->881 877->881 882 54a0f5e-54a1042 881->882 883 54a0f54-54a0f58 881->883 904 54a106c 882->904 905 54a1044-54a1050 882->905 883->869 883->882 893 54a1a68-54a1a6e 889->893 894 54a1a70-54a1a76 889->894 891 54a1a88-54a1acd 890->891 1024 54a1ad0 call 5ba5759 891->1024 1025 54a1ad0 call 5ba5760 891->1025 895 54a1a80 893->895 894->895 895->891 898 54a1ad2-54a1adf 900 54a1ae1 898->900 901 54a1ae5-54a1b0e 898->901 900->901 906 54a1c40-54a1c47 901->906 907 54a1b14-54a1b40 901->907 910 54a1072-54a1124 904->910 908 54a105a-54a1060 905->908 909 54a1052-54a1058 905->909 911 54a1d4f-54a1db0 906->911 912 54a1c4d-54a1d4c 906->912 918 54a1b42 907->918 919 54a1b47-54a1b82 907->919 913 54a106a 908->913 909->913 931 54a114e 910->931 932 54a1126-54a1132 910->932 911->873 912->911 913->910 918->919 919->906 933 54a1154-54a116f 931->933 934 54a113c-54a1142 932->934 935 54a1134-54a113a 932->935 940 54a1199 933->940 941 54a1171-54a117d 933->941 937 54a114c 934->937 935->937 937->933 945 54a119f-54a11bd 940->945 942 54a117f-54a1185 941->942 943 54a1187-54a118d 941->943 946 54a1197 942->946 943->946 950 54a12db-54a13bf 945->950 951 54a11c3-54a12c3 945->951 946->945 964 54a13e9 950->964 965 54a13c1-54a13cd 950->965 951->950 966 54a13ef-54a1444 964->966 968 54a13cf-54a13d5 965->968 969 54a13d7-54a13dd 965->969 977 54a144a-54a1549 966->977 978 54a1562-54a1638 966->978 971 54a13e7 968->971 969->971 971->966 977->978 978->869 987 54a163e-54a1647 978->987 989 54a1649-54a164c 987->989 990 54a1652-54a1751 987->990 989->990 991 54a176a-54a1781 989->991 990->991 991->869 997 54a1787-54a1898 991->997 1013 54a189a-54a189d 997->1013 1014 
54a18a3-54a19a2 997->1014 1013->869 1013->1014 1014->869 1024->898 1025->898
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<cq$p<cq$p<cq$p<cq$G{q$G{q$G{q$G{q$G{q
                                          • API String ID: 0-125182453
                                          • Opcode ID: 76f83607b195f2ee72c51feef54b1228342ffe2e287426476bcd4dd5ea265cf3
                                          • Instruction ID: 09d6760bf3ca1bf33ddcbb54ebce6bf1a14f22ce7e505956de446fdc6230555e
                                          • Opcode Fuzzy Hash: 76f83607b195f2ee72c51feef54b1228342ffe2e287426476bcd4dd5ea265cf3
                                          • Instruction Fuzzy Hash: B082A574E002298FDB64DF69C998BD9B7B1BB98310F1481E9D50DAB365DB30AE81CF50

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1445 6e0eb6c0-6e0eb715 GetModuleHandleW 1446 6e0eb72a-6e0eb738 GetProcAddress 1445->1446 1447 6e0eb717-6e0eb724 LoadLibraryW 1445->1447 1448 6e0eb94c-6e0eb954 1446->1448 1449 6e0eb73e-6e0eb750 1446->1449 1447->1446 1447->1448 1450 6e0eb95e-6e0eb96a 1448->1450 1451 6e0eb956-6e0eb95b 1448->1451 1449->1448 1455 6e0eb756-6e0eb771 1449->1455 1453 6e0eb96c-6e0eb971 1450->1453 1454 6e0eb974-6e0eb98f call 6e13948b 1450->1454 1451->1450 1453->1454 1455->1448 1459 6e0eb777-6e0eb788 1455->1459 1459->1448 1461 6e0eb78e-6e0eb791 1459->1461 1461->1448 1462 6e0eb797-6e0eb7b2 1461->1462 1462->1448 1464 6e0eb7b8-6e0eb7c5 1462->1464 1464->1448 1466 6e0eb7cb-6e0eb7d0 1464->1466 1467 6e0eb7da-6e0eb7e7 1466->1467 1468 6e0eb7d2-6e0eb7d7 1466->1468 1469 6e0eb7ec-6e0eb7ee 1467->1469 1468->1467 1469->1448 1470 6e0eb7f4-6e0eb7f9 1469->1470 1471 6e0eb7fb-6e0eb800 call 6e14c1e0 1470->1471 1472 6e0eb805-6e0eb80a 1470->1472 1471->1472 1474 6e0eb80c-6e0eb811 1472->1474 1475 6e0eb814-6e0eb829 1472->1475 1474->1475 1475->1448 1477 6e0eb82f-6e0eb849 1475->1477 1478 6e0eb850-6e0eb85b 1477->1478 1478->1478 1479 6e0eb85d-6e0eb8a4 call 6e13a116 GetModuleHandleW 1478->1479 1479->1448 1482 6e0eb8aa-6e0eb8c1 1479->1482 1483 6e0eb8c5-6e0eb8d0 1482->1483 1483->1483 1484 6e0eb8d2-6e0eb8f0 GetProcAddress 1483->1484 1484->1448 1485 6e0eb8f2-6e0eb8ff call 6e0d5340 1484->1485 1489 6e0eb900-6e0eb905 1485->1489 1489->1489 1490 6e0eb907-6e0eb90d 1489->1490 1490->1489 1491 6e0eb90f-6e0eb912 1490->1491 1492 6e0eb93a 1491->1492 1493 6e0eb914-6e0eb929 1491->1493 1496 6e0eb93d-6e0eb948 call 6e0ead80 1492->1496 1494 6e0eb92b-6e0eb92e 1493->1494 1495 6e0eb931-6e0eb938 1493->1495 1494->1495 1495->1496 1496->1448
                                          APIs
                                          • GetModuleHandleW.KERNEL32(mscoree.dll,E0F806C9), ref: 6E0EB711
                                          • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6E0EB71C
                                          • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6E0EB730
                                          • __cftoe.LIBCMT ref: 6E0EB870
                                          • GetModuleHandleW.KERNEL32(?), ref: 6E0EB88B
                                          • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6E0EB8D7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                          • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                          • API String ID: 1275574042-506955582
                                          • Opcode ID: f190d3d4a9f0be8e90d0cb8038b6e43b5ac648fde76533af9005191815eaf687
                                          • Instruction ID: c1dc796b77625cdf42e36bfc0bf04b7c7fca3e121371948d6c34cb61df4cb3b6
                                          • Opcode Fuzzy Hash: f190d3d4a9f0be8e90d0cb8038b6e43b5ac648fde76533af9005191815eaf687
                                          • Instruction Fuzzy Hash: A5916970D0424A9FDB14DFE8C884AAEBBB5FF48310B20856DE166EB354D730A946CF54
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (ocq$(ocq$,gq$,gq$Hgq
                                          • API String ID: 0-1029698136
                                          • Opcode ID: f61d9ea24b4a9a6b017e25490d5b1841673f5bd6a85d2432cf988e9bb1f75b29
                                          • Instruction ID: fc14f3c0e24afe9a5527f1dd959141459b50928abe46edeae1df71a402e7201c
                                          • Opcode Fuzzy Hash: f61d9ea24b4a9a6b017e25490d5b1841673f5bd6a85d2432cf988e9bb1f75b29
                                          • Instruction Fuzzy Hash: AE52A030B001159FCB58DF78D884A6EBBF6FF88354B168169EA259B764DB30EC41CB94
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: D
                                          • API String ID: 0-2746444292
                                          • Opcode ID: 6653019f9ea94d3782f5b8502cdae491b6e5f4f75185a75618f0b93583db7152
                                          • Instruction ID: 5c061c51943aff4c432aa24d37d463781a288c27b3bd95791621323365e3a698
                                          • Opcode Fuzzy Hash: 6653019f9ea94d3782f5b8502cdae491b6e5f4f75185a75618f0b93583db7152
                                          • Instruction Fuzzy Hash: 2052A874A102298FCB54DF68C994B9DBBB2FF89300F5085D9D50AA7365DB30AE81CF90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: lop
                                          • API String ID: 0-2498152340
                                          • Opcode ID: b64d17df78bc9e6dca77735f4b5377fa426b77ef6b7f4d811319ec23013c3a6e
                                          • Instruction ID: 837fae500c45a26a4612ced0d90ca91753c2fcf2183705162b1630f92dac23ff
                                          • Opcode Fuzzy Hash: b64d17df78bc9e6dca77735f4b5377fa426b77ef6b7f4d811319ec23013c3a6e
                                          • Instruction Fuzzy Hash: 2941DA74E45219CBEBA8CF2ADC44B99BAB6BF89300F06C1E9950DA7354DB304E85CF14
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: lop
                                          • API String ID: 0-2498152340
                                          • Opcode ID: b4acc994868537b93f967de0c55e3f519dc4688a2ae1cff822409fc1f15ed5c7
                                          • Instruction ID: 44bf039608190a818c8b2496b18a259564f741a4b6d8e3860a46e3e0fe70357a
                                          • Opcode Fuzzy Hash: b4acc994868537b93f967de0c55e3f519dc4688a2ae1cff822409fc1f15ed5c7
                                          • Instruction Fuzzy Hash: D541C870E45219CBEBA8CF2ADC44B99BAB6BF89300F06C1E9950DA7354DB304E85CF14
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8hq
                                          • API String ID: 0-4057917415
                                          • Opcode ID: 9bf5d8341b9e77a389703ee856b82b3fd32a5286b2ee58cd9980e01801c58bf6
                                          • Instruction ID: 737ddd08ad88c7bce813f27ddb30983009a0ef0006fce2e12ef5577cbd1f6939
                                          • Opcode Fuzzy Hash: 9bf5d8341b9e77a389703ee856b82b3fd32a5286b2ee58cd9980e01801c58bf6
                                          • Instruction Fuzzy Hash: 1D31C676E01209AFDB05CFA9D440AEEFBB5FF49310F10906AE911B7260DB709A04CFA5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8hq
                                          • API String ID: 0-4057917415
                                          • Opcode ID: 460560e1cd5c4c5c47aa205c2ebe440fc83c6cdfe1dcffa7de992b2a037eaec0
                                          • Instruction ID: 892eff4b20b7ea341bbd69acb825e0edccb9a4832026f633594314448787965c
                                          • Opcode Fuzzy Hash: 460560e1cd5c4c5c47aa205c2ebe440fc83c6cdfe1dcffa7de992b2a037eaec0
                                          • Instruction Fuzzy Hash: F731C675E012099FDB04CFA9D440AEEBBB5FF49310F109069E911B7260DB709A04CBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b054b0c65681e4699dacd284475a43a3ae3960e4e6dc74d06eff8c9fc58d182
                                          • Instruction ID: 11794806db672ac9144fe6b5072a47b4ae9bc7a9bb63cf0b3374872f3df1d312
                                          • Opcode Fuzzy Hash: 7b054b0c65681e4699dacd284475a43a3ae3960e4e6dc74d06eff8c9fc58d182
                                          • Instruction Fuzzy Hash: 1C32A175E052298FDB64DFA9C990BDEBBB2BF89300F1081AAD509A7354DB305E81DF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0f8d47c3e6c7414875ff1716a6502589f819f3a1ffd38d788d09bed0d3df574
                                          • Instruction ID: 810ae3433e7387eb9e79c8bb13e454b208a4f2b0e4bcf50993a715974472d984
                                          • Opcode Fuzzy Hash: b0f8d47c3e6c7414875ff1716a6502589f819f3a1ffd38d788d09bed0d3df574
                                          • Instruction Fuzzy Hash: 1112B474E00218CFDB68DF69D994B9DBBB2BF88300F1181AAD949A7355DB305E85CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd860212961e8ee6cb4e6318c5e7bdf6f7c238d8325ca508a00eff8321321b81
                                          • Instruction ID: 23bd56ab22dc80873a11bd7f073b9fc823f543e1658fd408f222b34b03827265
                                          • Opcode Fuzzy Hash: bd860212961e8ee6cb4e6318c5e7bdf6f7c238d8325ca508a00eff8321321b81
                                          • Instruction Fuzzy Hash: 2A027DB4E002288BDB69DF65CD55B9DBBB2FB88300F1080EAD91DA7365DB315E858F50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c2ac3e1616c1cd8b66393c63d4ba409ee9ff08c7c2efd4dea87adec77937baa
                                          • Instruction ID: 391309695ed67fcc24c7c183873f813c67f1f4467a5798b4a7218848676a8b77
                                          • Opcode Fuzzy Hash: 9c2ac3e1616c1cd8b66393c63d4ba409ee9ff08c7c2efd4dea87adec77937baa
                                          • Instruction Fuzzy Hash: 65029474E00228CFDB68DF69D994B9DBBB2BF89300F1181AAD949A7365DB305D81CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6190ca75ced3c2dd1c57518f4389b653e2ba3412029816697d6b0170a2746c5e
                                          • Instruction ID: c2ddd67c2a99241a4bb5847f2bf483113e29a3032ac1daa883704824d0ade1f2
                                          • Opcode Fuzzy Hash: 6190ca75ced3c2dd1c57518f4389b653e2ba3412029816697d6b0170a2746c5e
                                          • Instruction Fuzzy Hash: 12F19274E00228CFDB68DF69D994B9DBBB2BF88300F1181AAD959A7365DB305D81CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4faa916755c6346d1867b820256273524129822cdacfc8510c386c951e31d58
                                          • Instruction ID: 90e6092511b94c99487c351078605902cddec6c17f7987048d3efb570fc3eaea
                                          • Opcode Fuzzy Hash: f4faa916755c6346d1867b820256273524129822cdacfc8510c386c951e31d58
                                          • Instruction Fuzzy Hash: C491C375E052289FDB64DF69C840BDEBBB2BF89300F1481AAD509AB354DB305A85CF50
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F84BF
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F84D2
                                          • SafeArrayGetElement.OLEAUT32 ref: 6E0F850A
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F94C1
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F94D4
                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6E0F950C
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F97A4
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F97B7
                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6E0F97F2
                                            • Part of subcall function 6E0F3A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F3B71
                                            • Part of subcall function 6E0F3A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F3B83
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F9D5F
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F9D72
                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6E0F9DAF
                                            • Part of subcall function 6E0F3A90: SafeArrayDestroy.OLEAUT32(?), ref: 6E0F3BCF
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0FA1BC
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0FA1CF
                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6E0FA20C
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafe$Bound$Destroy$Element
                                          • String ID: A
                                          • API String ID: 959723449-3554254475
                                          • Opcode ID: d2b1cb58ad4f7605a1719578e88aa45c1617ce96ffd360e668198a691b6f14dc
                                          • Instruction ID: 042e616ab34ecaf07f5ac13a4ddf5cf8bdf8d7ff912a70b3627e2462f1b45fde
                                          • Opcode Fuzzy Hash: d2b1cb58ad4f7605a1719578e88aa45c1617ce96ffd360e668198a691b6f14dc
                                          • Instruction Fuzzy Hash: D3239171A00205DFDB40CFE4C894FDD77B9AF49308F648594EA09AF296DB35E986CB60

                                          Control-flow Graph (first block at 6e0f2970; legend: Executed / Not Executed)
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F29F6
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F2A08
                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F2A2F
                                          • VariantInit.OLEAUT32(?), ref: 6E0F2ABB
                                          • VariantInit.OLEAUT32(?), ref: 6E0F2B3F
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2C04
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2C0B
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2C12
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2C96
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2C9D
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2CD6
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2CDD
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2CE4
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F2D1B
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2D45
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2D4C
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2D53
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                          • String ID:
                                          • API String ID: 214056513-0
                                          • Opcode ID: 9483b6eb0aa62b14388d3ef1c507668a32d84d40b5bc6dca15665fcc98428cf1
                                          • Instruction ID: 8a575fa8c75f5d5567f23012ab1c0db39810cc7799b13fddd4f279db27a95ce4
                                          • Opcode Fuzzy Hash: 9483b6eb0aa62b14388d3ef1c507668a32d84d40b5bc6dca15665fcc98428cf1
                                          • Instruction Fuzzy Hash: 24C15B71608381DFD700CFA8C8C4A5BBBE9AF89344F24895DF995CB260C775E856CB92

                                          Control-flow Graph (first block at 6e0eaf30; legend: Executed / Not Executed)
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0EAF75
                                          • VariantInit.OLEAUT32(?), ref: 6E0EAF7C
                                          • VariantInit.OLEAUT32(?), ref: 6E0EAF83
                                          • VariantCopy.OLEAUT32(?,?), ref: 6E0EB00D
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB027
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0EB19C
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0EB1AA
                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 6E0EB1C5
                                          • _memmove.LIBCMT ref: 6E0EB1E6
                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6E0EB1EF
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB237
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB23E
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB245
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB29D
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB2A4
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB2AB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                          • String ID:
                                          • API String ID: 3403836469-0
                                          • Opcode ID: b217c2f1ed1209892a1bd28873b843939f7ac3cc71ea3caee7c7e9463d5e4e08
                                          • Instruction ID: b44978cdd981e2b2ed7b7ecc8a54686e98355b8370fb5ab136aa6a90eadd6ea8
                                          • Opcode Fuzzy Hash: b217c2f1ed1209892a1bd28873b843939f7ac3cc71ea3caee7c7e9463d5e4e08
                                          • Instruction Fuzzy Hash: 08C156B26083429FD710DFA8C884A5AB7E9FF89704F10896DF659CB254D730E945CF92

                                          Control-flow Graph (first block at 6e0fd410; legend: Executed / Not Executed)
                                          APIs
                                          • VariantInit.OLEAUT32 ref: 6E0FD4B3
                                          • VariantInit.OLEAUT32 ref: 6E0FD4C5
                                          • VariantInit.OLEAUT32(?), ref: 6E0FD4CC
                                          • _malloc.LIBCMT ref: 6E0FD551
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0FD58B
                                          • SafeArrayCreateVector.OLEAUT32 ref: 6E0FD5A6
                                          • SafeArrayAccessData.OLEAUT32 ref: 6E0FD5B8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                          • String ID:
                                          • API String ID: 1552365394-0
                                          • Opcode ID: 80c5541fd3a711b34ec4fa2e99db70458b93d036b7ff180fd3d1e44e43a772e5
                                          • Instruction ID: 0e085b8d737b5d62e9465b191f04c516aab5a3c0f8b4d4069aeb7751862e177b
                                          • Opcode Fuzzy Hash: 80c5541fd3a711b34ec4fa2e99db70458b93d036b7ff180fd3d1e44e43a772e5
                                          • Instruction Fuzzy Hash: CBB143B66083019FD714CF68C880B5AB7E9FF89714F14895DE8998B350E731E906CF92

                                          Control-flow Graph (first block at 6e0fd468; legend: Executed / Not Executed)
                                          APIs
                                          • VariantInit.OLEAUT32 ref: 6E0FD4B3
                                          • VariantInit.OLEAUT32 ref: 6E0FD4C5
                                          • VariantInit.OLEAUT32(?), ref: 6E0FD4CC
                                          • _malloc.LIBCMT ref: 6E0FD551
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0FD58B
                                          • SafeArrayCreateVector.OLEAUT32 ref: 6E0FD5A6
                                          • SafeArrayAccessData.OLEAUT32 ref: 6E0FD5B8
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0FD601
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0FD63E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                          • String ID:
                                          • API String ID: 2723946344-0
                                          • Opcode ID: c0ce6ca29514e8eac2ca1415f379fa9cfe9c87a0d9af89397795a63136a02658
                                          • Instruction ID: adad355b4916dd2317baacbf34d623784665d9ce6d00b78470044f5a90a15198
                                          • Opcode Fuzzy Hash: c0ce6ca29514e8eac2ca1415f379fa9cfe9c87a0d9af89397795a63136a02658
                                          • Instruction Fuzzy Hash: F99133B5608302DFD314CFA8C880B5AB7F9BF89704F14895DE8998B251E771E946CF92

                                          Control-flow Graph

                                          control_flow_graph 1286 6e0f44c0-6e0f4538 VariantInit * 2 SafeArrayCreateVector 1287 6e0f453a-6e0f453d 1286->1287 1288 6e0f4542-6e0f4564 SafeArrayPutElement VariantClear 1286->1288 1287->1288 1289 6e0f476f-6e0f4774 1288->1289 1290 6e0f456a-6e0f4598 SafeArrayCreateVector SafeArrayPutElement 1288->1290 1291 6e0f477d-6e0f479b VariantClear * 2 1289->1291 1292 6e0f4776-6e0f4777 SafeArrayDestroy 1289->1292 1290->1289 1293 6e0f459e-6e0f45b9 SafeArrayPutElement 1290->1293 1294 6e0f479d-6e0f47ad 1291->1294 1295 6e0f47b0-6e0f47c4 1291->1295 1292->1291 1293->1289 1296 6e0f45bf-6e0f45d2 SafeArrayPutElement 1293->1296 1294->1295 1296->1289 1297 6e0f45d8-6e0f45e3 1296->1297 1298 6e0f45ef-6e0f4604 1297->1298 1299 6e0f45e5-6e0f45ea call 6e14c1e0 1297->1299 1298->1289 1302 6e0f460a-6e0f4615 1298->1302 1299->1298 1302->1289 1303 6e0f461b-6e0f469f 1302->1303 1310 6e0f46a1-6e0f471f 1303->1310 1316 6e0f4721-6e0f4758 1310->1316 1319 6e0f475f-6e0f476a call 6e0fde60 1316->1319 1320 6e0f475a call 6e13919e 1316->1320 1322 6e0f476c 1319->1322 1320->1319 1322->1289
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F44FF
                                          • VariantInit.OLEAUT32(?), ref: 6E0F4505
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0F4516
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0F4551
                                          • VariantClear.OLEAUT32(?), ref: 6E0F455A
                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6E0F4579
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0F4594
                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6E0F45B5
                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6E0F45CE
                                          • std::tr1::_Xweak.LIBCPMT ref: 6E0F475A
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F4777
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4787
                                          • VariantClear.OLEAUT32(?), ref: 6E0F478D
                                          Similarity
                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                          • String ID:
                                          • API String ID: 1304965753-0
                                          • Opcode ID: 45e9d34b4510753340de2e76d0093093e3373a7f12889db881d2f6a4f6ec381a
                                          • Instruction ID: 49fbc7f62fcc069b22f5a1714c9c350ceee5271ee6ea12b3c85e0b633c32bf02
                                          • Opcode Fuzzy Hash: 45e9d34b4510753340de2e76d0093093e3373a7f12889db881d2f6a4f6ec381a
                                          • Instruction Fuzzy Hash: 57A13E75A00606EBDB54DBD4C984EAFB7B9BF8C710F144528E906AB781D634F942CB60

                                          Control-flow Graph

                                          control_flow_graph 1324 6e0fbf00-6e0fbf6a VariantInit * 4 1325 6e0fbf6c-6e0fbf71 1324->1325 1326 6e0fbf74-6e0fbf86 1324->1326 1325->1326 1327 6e0fbf88-6e0fbf8d 1326->1327 1328 6e0fbf90-6e0fbfbb call 6e0fc150 1326->1328 1327->1328 1331 6e0fc0c4-6e0fc0cd 1328->1331 1332 6e0fbfc1-6e0fbfdf call 6e0fc150 1328->1332 1333 6e0fc0cf-6e0fc0df 1331->1333 1334 6e0fc0e2-6e0fc149 call 6e13a1f7 * 2 VariantClear * 4 call 6e13948b 1331->1334 1332->1331 1339 6e0fbfe5-6e0fc019 call 6e0fdc40 1332->1339 1333->1334 1345 6e0fc01b-6e0fc01e 1339->1345 1346 6e0fc020-6e0fc029 1339->1346 1348 6e0fc035-6e0fc037 call 6e0f44c0 1345->1348 1349 6e0fc02e 1346->1349 1350 6e0fc02b-6e0fc02c 1346->1350 1353 6e0fc03c-6e0fc03e 1348->1353 1352 6e0fc030-6e0fc032 1349->1352 1350->1352 1352->1348 1353->1331 1354 6e0fc044-6e0fc05c VariantInit VariantCopy 1353->1354 1356 6e0fc05e-6e0fc05f call 6e14c1e0 1354->1356 1357 6e0fc064-6e0fc07a 1354->1357 1356->1357 1357->1331 1360 6e0fc07c-6e0fc094 VariantInit VariantCopy 1357->1360 1361 6e0fc09c-6e0fc0af 1360->1361 1362 6e0fc096-6e0fc097 call 6e14c1e0 1360->1362 1361->1331 1365 6e0fc0b1-6e0fc0c0 1361->1365 1362->1361 1365->1331
                                          APIs
                                          Similarity
                                          • API ID: Variant$Init$Clear$Copy
                                          • String ID:
                                          • API String ID: 3833040332-0
                                          • Opcode ID: 3fdd51dc12e7289d274551c8569d1df150424da171dbd39008a698432b734185
                                          • Instruction ID: 8128707191ba50473a6acb0d6deba945ce44dbe4514e98ecc2396a6d1437ffad
                                          • Opcode Fuzzy Hash: 3fdd51dc12e7289d274551c8569d1df150424da171dbd39008a698432b734185
                                          • Instruction Fuzzy Hash: 68816C71900219EFDB04DFE8C884FEEBBB9FF49304F148559E905AB240DB75A916CB94

                                          Control-flow Graph

                                          control_flow_graph 1366 6e0f64d0-6e0f6552 VariantInit * 3 SafeArrayCreateVector 1367 6e0f655c-6e0f657e SafeArrayPutElement VariantClear 1366->1367 1368 6e0f6554-6e0f6559 1366->1368 1369 6e0f6584-6e0f65a1 1367->1369 1370 6e0f6661-6e0f6663 1367->1370 1368->1367 1371 6e0f65ab-6e0f65c7 SafeArrayPutElement VariantClear 1369->1371 1372 6e0f65a3-6e0f65a6 1369->1372 1373 6e0f666c-6e0f669d VariantClear * 3 1370->1373 1374 6e0f6665-6e0f6666 SafeArrayDestroy 1370->1374 1371->1370 1375 6e0f65cd-6e0f65db 1371->1375 1372->1371 1374->1373 1376 6e0f65dd-6e0f65e2 call 6e14c1e0 1375->1376 1377 6e0f65e7-6e0f6613 1375->1377 1376->1377 1389 6e0f6616 call 119d149 1377->1389 1390 6e0f6616 call 119d148 1377->1390 1379 6e0f6618-6e0f661a 1379->1370 1380 6e0f661c-6e0f6628 1379->1380 1380->1370 1381 6e0f662a-6e0f663c call 6e0edb30 1380->1381 1381->1370 1384 6e0f663e-6e0f6650 call 6e0f56b0 call 6e0f6880 1381->1384 1388 6e0f6655-6e0f665c 1384->1388 1388->1370 1389->1379 1390->1379
                                          APIs
                                          • VariantInit.OLEAUT32 ref: 6E0F650C
                                          • VariantInit.OLEAUT32(?), ref: 6E0F6519
                                          • VariantInit.OLEAUT32(?), ref: 6E0F6520
                                          • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6E0F6531
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F656D
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6576
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F65B6
                                          • VariantClear.OLEAUT32(?), ref: 6E0F65BF
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F6666
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6677
                                          • VariantClear.OLEAUT32(?), ref: 6E0F667E
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6685
                                          Similarity
                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                          • String ID:
                                          • API String ID: 1625659656-0
                                          • Opcode ID: 46d2a847a05e502e0d203469d2bd30dccc38e9f494a05bdc9c8c515029e3f820
                                          • Instruction ID: 41b234ea61323ef9e29c36d9388983f00bc79ff19e6b260076d5921ecdf5ff0b
                                          • Opcode Fuzzy Hash: 46d2a847a05e502e0d203469d2bd30dccc38e9f494a05bdc9c8c515029e3f820
                                          • Instruction Fuzzy Hash: EB514BB21187069FC700DFA4D880A5BBBF8EFC9714F108A1DF9559B250EB71E916CB92

                                          Control-flow Graph

                                          control_flow_graph 1391 6e0fcb90-6e0fcc11 VariantInit * 2 SafeArrayCreateVector * 2 SafeArrayPutElement 1392 6e0fcce7-6e0fcce9 1391->1392 1393 6e0fcc17-6e0fcc4b SafeArrayPutElement VariantClear 1391->1393 1395 6e0fcceb-6e0fccec SafeArrayDestroy 1392->1395 1396 6e0fccf2-6e0fcd18 VariantClear * 2 1392->1396 1393->1392 1394 6e0fcc51-6e0fcc61 SafeArrayPutElement 1393->1394 1394->1392 1397 6e0fcc67-6e0fcc7b SafeArrayPutElement 1394->1397 1395->1396 1397->1392 1398 6e0fcc7d-6e0fcc8e 1397->1398 1399 6e0fcc9a-6e0fccc8 1398->1399 1400 6e0fcc90-6e0fcc95 call 6e14c1e0 1398->1400 1405 6e0fccc9 call 119d149 1399->1405 1406 6e0fccc9 call 119d148 1399->1406 1400->1399 1402 6e0fcccb-6e0fcccd 1402->1392 1403 6e0fcccf-6e0fcce1 1402->1403 1403->1392 1404 6e0fcce3 1403->1404 1404->1392 1405->1402 1406->1402
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0FCBCA
                                          • VariantInit.OLEAUT32(?), ref: 6E0FCBD3
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0FCBE4
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0FCBF6
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0FCC0D
                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6E0FCC39
                                          • VariantClear.OLEAUT32(?), ref: 6E0FCC42
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E0FCC5D
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E0FCC77
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0FCCEC
                                          • VariantClear.OLEAUT32(?), ref: 6E0FCCFC
                                          • VariantClear.OLEAUT32(?), ref: 6E0FCD02
                                          Similarity
                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                          • String ID:
                                          • API String ID: 3548156019-0
                                          • Opcode ID: abd4bca3c8a85960601500a9879cc019c82c936c84521b0d38552e7e730f64b9
                                          • Instruction ID: deea80cf1e0ad369b18e42dceabf77fd8982c4c103c18764c8c5b7fbeb9fd20c
                                          • Opcode Fuzzy Hash: abd4bca3c8a85960601500a9879cc019c82c936c84521b0d38552e7e730f64b9
                                          • Instruction Fuzzy Hash: B9513EB5D0024ADFDB00DFA4C885EDEBBB8FF49710F04815AEA15A7341D771A956CBA0

                                          Control-flow Graph

                                          control_flow_graph 1407 6e0ea350-6e0ea3bd VariantInit * 3 call 6e0f38e0 1410 6e0ea505-6e0ea528 VariantClear * 3 1407->1410 1411 6e0ea3c3-6e0ea3d6 1407->1411 1412 6e0ea52a-6e0ea52d 1410->1412 1413 6e0ea532-6e0ea546 1410->1413 1414 6e0ea3d8-6e0ea3dd 1411->1414 1415 6e0ea3e0-6e0ea3f7 VariantCopy 1411->1415 1412->1413 1414->1415 1416 6e0ea3ff-6e0ea411 VariantClear 1415->1416 1417 6e0ea3f9-6e0ea3fa call 6e14c1e0 1415->1417 1419 6e0ea41d-6e0ea42b 1416->1419 1420 6e0ea413-6e0ea418 call 6e14c1e0 1416->1420 1417->1416 1422 6e0ea42d-6e0ea42f 1419->1422 1423 6e0ea431-6e0ea433 1419->1423 1420->1419 1424 6e0ea436-6e0ea43a 1422->1424 1423->1424 1425 6e0ea43c-6e0ea43e 1424->1425 1426 6e0ea440 1424->1426 1427 6e0ea442-6e0ea477 1425->1427 1426->1427 1443 6e0ea47a call 119d149 1427->1443 1444 6e0ea47a call 119d148 1427->1444 1428 6e0ea47c-6e0ea47e 1428->1410 1429 6e0ea484-6e0ea493 1428->1429 1430 6e0ea49f-6e0ea4b0 1429->1430 1431 6e0ea495-6e0ea49a call 6e14c1e0 1429->1431 1433 6e0ea4b6-6e0ea4b8 1430->1433 1434 6e0ea4b2-6e0ea4b4 1430->1434 1431->1430 1435 6e0ea4bb-6e0ea4bf 1433->1435 1434->1435 1436 6e0ea4c5 1435->1436 1437 6e0ea4c1-6e0ea4c3 1435->1437 1438 6e0ea4c7-6e0ea503 1436->1438 1437->1438 1438->1410 1440 6e0ea549-6e0ea578 VariantClear * 3 1438->1440 1441 6e0ea57a-6e0ea57f 1440->1441 1442 6e0ea582-6e0ea596 1440->1442 1441->1442 1443->1428 1444->1428
                                          APIs
                                          Similarity
                                          • API ID: Variant$Clear$Init$Copy
                                          • String ID:
                                          • API String ID: 3214764494-0
                                          • Opcode ID: efff67c3f812246af740aba7f90b4886499d72b781770a5589a70a427d684d20
                                          • Instruction ID: 71d38b563ac1b76f76b4ff3b073e754cbdff6a75f6056ffe50d82f536c62c0fd
                                          • Opcode Fuzzy Hash: efff67c3f812246af740aba7f90b4886499d72b781770a5589a70a427d684d20
                                          • Instruction Fuzzy Hash: F27116B26083419FD700DFA9C884B5AB7F8EF89710F10896DFA55CB291D731E905CB62

                                          Control-flow Graph

                                          control_flow_graph 1499 6e0fcd20-6e0fcd97 VariantInit * 3 SafeArrayCreateVector 1500 6e0fcd99-6e0fcd9c 1499->1500 1501 6e0fcda1-6e0fcdc0 SafeArrayPutElement VariantClear 1499->1501 1500->1501 1502 6e0fcdc6-6e0fcdd1 1501->1502 1503 6e0fd2a0-6e0fd2a2 1501->1503 1504 6e0fcddd-6e0fcdef 1502->1504 1505 6e0fcdd3-6e0fcdd8 call 6e14c1e0 1502->1505 1506 6e0fd2ab-6e0fd2d7 VariantClear * 3 1503->1506 1507 6e0fd2a4-6e0fd2a5 SafeArrayDestroy 1503->1507 1504->1503 1510 6e0fcdf5-6e0fce01 1504->1510 1505->1504 1507->1506 1510->1503 1511 6e0fce07-6e0fcea4 1510->1511 1519 6e0fceba-6e0fcf2b 1511->1519 1520 6e0fcea6-6e0fceb7 1511->1520 1526 6e0fcf2d-6e0fcf3e 1519->1526 1527 6e0fcf41-6e0fd222 1519->1527 1520->1519 1526->1527 1562 6e0fd22e-6e0fd25c 1527->1562 1563 6e0fd224-6e0fd229 call 6e14c1e0 1527->1563 1566 6e0fd25e-6e0fd269 1562->1566 1567 6e0fd29d 1562->1567 1563->1562 1566->1567 1568 6e0fd26b-6e0fd27b call 6e0edb30 1566->1568 1567->1503 1568->1567 1571 6e0fd27d-6e0fd28d call 6e0f56b0 call 6e0f6880 1568->1571 1575 6e0fd292-6e0fd299 1571->1575 1575->1567
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0FCD5C
                                          • VariantInit.OLEAUT32(?), ref: 6E0FCD65
                                          • VariantInit.OLEAUT32(?), ref: 6E0FCD6B
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FCD76
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0FCDAA
                                          • VariantClear.OLEAUT32(?), ref: 6E0FCDB7
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0FD2A5
                                          • VariantClear.OLEAUT32(?), ref: 6E0FD2B5
                                          • VariantClear.OLEAUT32(?), ref: 6E0FD2BB
                                          • VariantClear.OLEAUT32(?), ref: 6E0FD2C1
                                          Similarity
                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 2515392200-0
                                          • Opcode ID: 8702a6c5c63640af0ab78bc6ea6f5d32ca9f9b064190f2e29e161292105475fc
                                          • Instruction ID: a30832c613efd8c3c52af35a22b86c0b8ee981cfcea458988b9cd3cf8fd3ee69
                                          • Opcode Fuzzy Hash: 8702a6c5c63640af0ab78bc6ea6f5d32ca9f9b064190f2e29e161292105475fc
                                          • Instruction Fuzzy Hash: 4812E675615706AFC758DBD4DD94DAAB3B9BF8C300F144668F90A9BB91CA30F841CB90

                                          Control-flow Graph

                                          control_flow_graph 1576 6e0f66a0-6e0f6725 VariantInit * 2 SafeArrayCreateVector 1577 6e0f672f-6e0f674f SafeArrayPutElement VariantClear 1576->1577 1578 6e0f6727-6e0f672a 1576->1578 1579 6e0f6755-6e0f6772 1577->1579 1580 6e0f6844-6e0f6846 1577->1580 1578->1577 1581 6e0f677c-6e0f679c SafeArrayPutElement VariantClear 1579->1581 1582 6e0f6774-6e0f6779 1579->1582 1583 6e0f684f-6e0f6878 VariantClear * 2 1580->1583 1584 6e0f6848-6e0f6849 SafeArrayDestroy 1580->1584 1581->1580 1585 6e0f67a2-6e0f67b0 1581->1585 1582->1581 1584->1583 1586 6e0f67bc-6e0f67ef 1585->1586 1587 6e0f67b2-6e0f67b7 call 6e14c1e0 1585->1587 1599 6e0f67f2 call 119d149 1586->1599 1600 6e0f67f2 call 119d148 1586->1600 1587->1586 1589 6e0f67f4-6e0f67f6 1589->1580 1590 6e0f67f8-6e0f6805 1589->1590 1590->1580 1591 6e0f6807-6e0f681c call 6e0edb30 1590->1591 1591->1580 1594 6e0f681e-6e0f683f call 6e0f56b0 call 6e0f6880 1591->1594 1594->1580 1599->1589 1600->1589
                                          APIs
                                          • VariantInit.OLEAUT32 ref: 6E0F66DB
                                          • VariantInit.OLEAUT32 ref: 6E0F66EA
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0F6700
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F673A
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6747
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F6787
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6794
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F6849
                                          • VariantClear.OLEAUT32(?), ref: 6E0F685A
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6861
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                          • String ID:
                                          • API String ID: 551789342-0
                                          • Opcode ID: 8fa336dc5421c0d61b3cee74f689c0e7a88d116fbcf60410109f919c63011126
                                          • Instruction ID: e1307f0b5438674edf177ef09a8ec348a3bfd59037e6114d0589e7783666153e
                                          • Opcode Fuzzy Hash: 8fa336dc5421c0d61b3cee74f689c0e7a88d116fbcf60410109f919c63011126
                                          • Instruction Fuzzy Hash: 52515C76504606DFC700CFA4C884B9BBBE9EFC9714F108A5DF9559B250DB30E916CBA2

                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F84BF
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F84D2
                                          • SafeArrayGetElement.OLEAUT32 ref: 6E0F850A
                                            • Part of subcall function 6E0F3A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F3B71
                                            • Part of subcall function 6E0F3A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F3B83
                                            • Part of subcall function 6E0F69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0F6A08
                                            • Part of subcall function 6E0F69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F6A15
                                            • Part of subcall function 6E0F69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F6A41
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                            • Part of subcall function 6E0EDFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0EDFF6
                                            • Part of subcall function 6E0EDFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0EE003
                                            • Part of subcall function 6E0EDFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0EE02F
                                          Similarity
                                          • API ID: ArraySafe$Bound$Destroy$Element
                                          • String ID:
                                          • API String ID: 959723449-0
                                          • Opcode ID: eb38f4df922489995bb3aec6efdb2abcfc1ecd9a750f65b69f8ea7a46ddd70aa
                                          • Instruction ID: 2b115ef7af1431e12bd949f1ac6c057b250f85eac32cb38816c6f63701060b61
                                          • Opcode Fuzzy Hash: eb38f4df922489995bb3aec6efdb2abcfc1ecd9a750f65b69f8ea7a46ddd70aa
                                          • Instruction Fuzzy Hash: E6C16070A00205DFDB50CFA8CC90FADB7B9AF85708F248598E919EB286D771E951CF50
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F41AF
                                          • VariantInit.OLEAUT32(?), ref: 6E0F41B5
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0F41C0
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0F41F5
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4201
                                          • std::tr1::_Xweak.LIBCPMT ref: 6E0F4450
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F446D
                                          • VariantClear.OLEAUT32(?), ref: 6E0F447D
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4483
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                          • String ID:
                                          • API String ID: 1774866819-0
                                          • Opcode ID: 570a677083cababa88b1a36b521f97d29b952e5cdaf43ee1f900a198e8f0ddc7
                                          • Instruction ID: b16da2225480ae362ada1af95f6005a30fad966f7e62589e7de64af844026239
                                          • Opcode Fuzzy Hash: 570a677083cababa88b1a36b521f97d29b952e5cdaf43ee1f900a198e8f0ddc7
                                          • Instruction Fuzzy Hash: 74B11975600609EFCB14DF98C984EEAB7F5BF8D310F158568E906AB791DA34F841CB60
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0FC56F
                                          • VariantInit.OLEAUT32(?), ref: 6E0FC575
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FC580
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0FC5B5
                                          • VariantClear.OLEAUT32(?), ref: 6E0FC5C1
                                          • std::tr1::_Xweak.LIBCPMT ref: 6E0FC7D4
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FC7F1
                                          • VariantClear.OLEAUT32(?), ref: 6E0FC801
                                          • VariantClear.OLEAUT32(?), ref: 6E0FC807
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                          • String ID:
                                          • API String ID: 1774866819-0
                                          • Opcode ID: af1ef68a288a68790ff4693e46ce1f89371f7fe4e8507f535cefb05c51c5559d
                                          • Instruction ID: 7c01c5fcd42cec6eeaf6dc4a7ac75bb7aa4496171b877b2c002a569c6909c8d9
                                          • Opcode Fuzzy Hash: af1ef68a288a68790ff4693e46ce1f89371f7fe4e8507f535cefb05c51c5559d
                                          • Instruction Fuzzy Hash: D7A13975A00609DFCB14DF98C884EEAB7F9BF8D310F15856DE506AB791DA34B841CB60
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F68B2
                                          • VariantInit.OLEAUT32(?), ref: 6E0F68BD
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0F68D7
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F68FD
                                          • VariantClear.OLEAUT32(?), ref: 6E0F6909
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F6923
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F6981
                                          • VariantClear.OLEAUT32(?), ref: 6E0F699E
                                          • VariantClear.OLEAUT32(?), ref: 6E0F69A4
                                          Similarity
                                          • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                          • String ID:
                                          • API String ID: 3529038988-0
                                          • Opcode ID: c8d30bd1b5e2395835dbb3a12dbac42277bdd009c26b183762f88b2c04645481
                                          • Instruction ID: f5145b5cf1cee6407530bfb3b207e2f32d0519847a3bfbdc69c35fae2b93869e
                                          • Opcode Fuzzy Hash: c8d30bd1b5e2395835dbb3a12dbac42277bdd009c26b183762f88b2c04645481
                                          • Instruction Fuzzy Hash: BC4162B2900619DFDB00DFA4C884BEFBBB8FF59710F148119E905A7340E775A906DBA1
                                          APIs
                                          Similarity
                                          • API ID: Variant$ClearInit
                                          • String ID:
                                          • API String ID: 2610073882-0
                                          • Opcode ID: 63c297e22fc12afb6d37a375136f5ceb26306c238931ff7671b56aca01198599
                                          • Instruction ID: b3866c954da5f5f3af2e177158ee7870bca635e4af059b1351debbde7c1b02d2
                                          • Opcode Fuzzy Hash: 63c297e22fc12afb6d37a375136f5ceb26306c238931ff7671b56aca01198599
                                          • Instruction Fuzzy Hash: 45C156716087419FC300CFA8C8C0A5ABBE9BFC9704F248A5DF5A49B365D736E845CB92
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6E0F6C8B
                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6E0F6CA6
                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6E0F6CC7
                                            • Part of subcall function 6E0F5760: std::tr1::_Xweak.LIBCPMT ref: 6E0F5769
                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6E0F6CF9
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F6F13
                                          • InterlockedCompareExchange.KERNEL32(6E17C6A4,45524548,4B4F4F4C), ref: 6E0F6F34
                                          Similarity
                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                          • String ID:
                                          • API String ID: 2722669376-0
                                          • Opcode ID: cf18914c2f1c95b645110fa9ce3ae939aca598eba3d3b3d988b56cdfedbaccad
                                          • Instruction ID: 4d38f88149b49cb68e27ff0385ab51fd6432793bfa483f449057ce297bda3540
                                          • Opcode Fuzzy Hash: cf18914c2f1c95b645110fa9ce3ae939aca598eba3d3b3d988b56cdfedbaccad
                                          • Instruction Fuzzy Hash: E0D10FB1A10205DFDB10CFE4C8A0BEEB7F8BF45304F148968E906AB281D770E955CBA0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::tr1::_Xweak.LIBCPMT ref: 6E0E1B53
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0E1B5D
                                          • std::exception::exception.LIBCMT ref: 6E0E1C43
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E1C58
                                          Strings
                                          • invalid vector<T> subscript, xrefs: 6E0E1B58
                                          Similarity
                                          • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                          • String ID: invalid vector<T> subscript
                                          • API String ID: 3098024973-3016609489
                                          • Opcode ID: fbc7c8622c9214024503a0e4325562bf1b68daedd0d01946aa031253374e2b75
                                          • Instruction ID: afb49516e07f7c68eda5b527371f47a03110189c32fe20daa211d3b40205b810
                                          • Opcode Fuzzy Hash: fbc7c8622c9214024503a0e4325562bf1b68daedd0d01946aa031253374e2b75
                                          • Instruction Fuzzy Hash: 4B223C71C0070A9FCB14CFE4C4909DEBBF9BF44314F148A6ED55AAB654E774AA88CB90
                                          APIs
                                          • VariantInit.OLEAUT32(6E0F31EC), ref: 6E0EDB5E
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0EDB6E
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0EDB82
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0EDBF1
                                          • VariantClear.OLEAUT32(?), ref: 6E0EDBFB
                                          Similarity
                                          • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                          • String ID:
                                          • API String ID: 182531043-0
                                          • Opcode ID: 3db2578bb0b319e23a1b84de3533310556f2f0a34887aeffd01ee838b81a2e77
                                          • Instruction ID: b8cdb46a5f77f09f3b501d5fdbb0b0dda3e445692dbbafc75eb6af4cd05a171e
                                          • Opcode Fuzzy Hash: 3db2578bb0b319e23a1b84de3533310556f2f0a34887aeffd01ee838b81a2e77
                                          • Instruction Fuzzy Hash: FF3150B6A00605DFD700DFA4C884EEAB7F9EF89750F158169E911AB740D735A901DFA0
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Similarity
                                          • API ID: T@12
                                          • String ID: a0
                                          • API String ID: 456891419-3188653782
                                          APIs
                                          • _malloc.LIBCMT ref: 6E139BCF
                                            • Part of subcall function 6E139D66: __FF_MSGBANNER.LIBCMT ref: 6E139D7F
                                            • Part of subcall function 6E139D66: __NMSG_WRITE.LIBCMT ref: 6E139D86
                                            • Part of subcall function 6E139D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E139DAB
                                          • std::exception::exception.LIBCMT ref: 6E139C04
                                          • std::exception::exception.LIBCMT ref: 6E139C1E
                                          • __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Similarity
                                          • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                          • String ID:
                                          • API String ID: 615853336-0
                                          APIs
                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6E0E6C73
                                          • SafeArrayAccessData.OLEAUT32(00000000,6E0E6C3C), ref: 6E0E6C87
                                          • _memmove.LIBCMT ref: 6E0E6C9A
                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6E0E6CA3
                                          Similarity
                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                          • String ID:
                                          • API String ID: 3147195435-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E102206
                                          • __CxxThrowException@8.LIBCMT ref: 6E102221
                                            • Part of subcall function 6E106480: __CxxThrowException@8.LIBCMT ref: 6E106518
                                            • Part of subcall function 6E106480: __CxxThrowException@8.LIBCMT ref: 6E106558
                                          Strings
                                          Similarity
                                          • API ID: Exception@8Throw$_mallocstd::exception::exception
                                          • String ID: ILProtector
                                          • API String ID: 84431791-1153028812
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6E0E913B
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6E0E915C
                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6E0E9170
                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6E0E9191
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          APIs
                                          • EnterCriticalSection.KERNEL32 ref: 6E0E8E89
                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6E0E8EAD
                                          • _memset.LIBCMT ref: 6E0E8ED2
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave_memset
                                          • String ID:
                                          • API String ID: 3751686142-0
                                          APIs
                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6E0ED949
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6E0ED96C
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0ED9CF
                                          Similarity
                                          • API ID: ArraySafe$CreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 3149346722-0
                                          APIs
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FDB2D
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0FDB45
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0FDBA2
                                          Similarity
                                          • API ID: ArraySafe$CreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 3149346722-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E104042
                                            • Part of subcall function 6E139533: std::exception::_Copy_str.LIBCMT ref: 6E13954E
                                          • __CxxThrowException@8.LIBCMT ref: 6E104059
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                          • String ID:
                                          • API String ID: 2813683038-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0EBE2D
                                          • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6E0EBE6D
                                          Similarity
                                          • API ID: ArrayDestroyReadSafe
                                          • String ID:
                                          • API String ID: 616443815-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0E6466
                                            • Part of subcall function 6E139533: std::exception::_Copy_str.LIBCMT ref: 6E13954E
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E647D
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Similarity
                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                          • String ID:
                                          • API String ID: 2299493649-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0FD3E8
                                          • __CxxThrowException@8.LIBCMT ref: 6E0FD3FF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                          • String ID:
                                          • API String ID: 4063778783-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0E8449
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E845E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                          • String ID:
                                          • API String ID: 4063778783-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: POcq$TJhq
                                          • API String ID: 0-2579739815
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,00000000,6E0E8C13,?,6E0E8CD3,?,6E0E8C13,00000000,?,?,6E0E8C13,?,?), ref: 6E0E8D73
                                          • LeaveCriticalSection.KERNEL32(?,?,?,6E0E8CD3,?,6E0E8C13,00000000,?,?,6E0E8C13,?,?), ref: 6E0E8D8C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TJhq$Tecq
                                          • API String ID: 0-1580033827
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TJhq$Tecq
                                          • API String ID: 0-1580033827
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,6E0E6890,?), ref: 6E0E8BDD
                                          • LeaveCriticalSection.KERNEL32(?), ref: 6E0E8C23
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05BA61BF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05BA61BF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _malloc
                                          • String ID:
                                          • API String ID: 1579825452-0
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05BA66E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05BA66E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05BA659C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05BA659C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                            • Part of subcall function 6E102820: _malloc.LIBCMT ref: 6E102871
                                          • std::tr1::_Xweak.LIBCPMT ref: 6E0E71D2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Xweak_mallocstd::tr1::_
                                          • String ID:
                                          • API String ID: 4085767713-0
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05BA647B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • LoadLibraryW.KERNELBASE(?), ref: 02DFC392
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 906e796742be547aa0579276d825b34ec984f5ac4239ebf7be93e8a7d216af26
                                          • Instruction ID: 62f73622e5d547835e7a0783a073b892445b47b20b1b570c94b5d2f2e9aa3d25
                                          • Opcode Fuzzy Hash: 906e796742be547aa0579276d825b34ec984f5ac4239ebf7be93e8a7d216af26
                                          • Instruction Fuzzy Hash: 2231C9B4D002189FCB14CFAAD984ADEFBF5AF49314F14906AE918B7320D335A941CF68
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05BA647B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: dd111bca22c2ccb35d57fde1f459c852e0c7d99e8ffeba1de86d011eb98bee55
                                          • Instruction ID: 3b0ae462369a05451bfa40644ebe8cd8f43011222bda166768a6043b92373d6f
                                          • Opcode Fuzzy Hash: dd111bca22c2ccb35d57fde1f459c852e0c7d99e8ffeba1de86d011eb98bee55
                                          • Instruction Fuzzy Hash: 8F31AAB9D052589FCB10CFA9E984AEDFBF0AF09310F24945AE419B7350D739A944CF64
                                          APIs
                                          • LoadLibraryW.KERNELBASE(?), ref: 02DFC392
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 4a47e11d04bafb25c7f2782cbb76eb74c7f3c6bde503c40c14c97b315aa9d31b
                                          • Instruction ID: 1af29efadf54fb115c8297a5329fc432aef36dc8835bcd50342bbb21f39f1b91
                                          • Opcode Fuzzy Hash: 4a47e11d04bafb25c7f2782cbb76eb74c7f3c6bde503c40c14c97b315aa9d31b
                                          • Instruction Fuzzy Hash: C031DBB4D002089FCB10CFAAD984ADEFBF5AF48314F14802AE818B7320D334A941CF68
                                          APIs
                                          • ResumeThread.KERNELBASE(?), ref: 05BA67E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: ccf61e4fbf86d793f843f2b63d9d853d9f75ce0d48ac81f3fad94ffe28dc00cb
                                          • Instruction ID: 476294953a9850985db633a2f6946dc0bc1d842ed36cc49358774031b18fb985
                                          • Opcode Fuzzy Hash: ccf61e4fbf86d793f843f2b63d9d853d9f75ce0d48ac81f3fad94ffe28dc00cb
                                          • Instruction Fuzzy Hash: 8131A7B9D152589FCB10CFA9E984A9EFBF4FB49310F14906AE819B7310C735A905CF64
                                          APIs
                                          • ResumeThread.KERNELBASE(?), ref: 05BA67E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: ad25b672b50331ea83f176d3dc05c697f9e541fbad8b7fdd3ab5dd6dcd8428f0
                                          • Instruction ID: 1d240b658871d56bea808ba7a51a9036ad6884f72fba1b355cca57e2be75fecb
                                          • Opcode Fuzzy Hash: ad25b672b50331ea83f176d3dc05c697f9e541fbad8b7fdd3ab5dd6dcd8428f0
                                          • Instruction Fuzzy Hash: 283196B9D112589FCB10CFA9E984A9EFBF4EF09314F14906AE819B7310C735A945CF64
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • SysAllocString.OLEAUT32 ref: 6E0FEA8D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: AllocString_malloc
                                          • String ID:
                                          • API String ID: 959018026-0
                                          • Opcode ID: d5313a85dec820c80f2f5ba76ab507506acb3c73c65fda484a5cf82ee7ed41f6
                                          • Instruction ID: ff42161e0bfbfdbae25304cbdd559dab6028f8bd54ab3306265e0d6822a58238
                                          • Opcode Fuzzy Hash: d5313a85dec820c80f2f5ba76ab507506acb3c73c65fda484a5cf82ee7ed41f6
                                          • Instruction Fuzzy Hash: CB01C4B1800A15EBD310CF94C800B5AB7F8FB00B60F10431AEC119B780D7B5A511DAD0
                                          APIs
                                          • __EH_prolog3_catch.LIBCMT ref: 6E13E8DC
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: H_prolog3_catch_malloc
                                          • String ID:
                                          • API String ID: 529455676-0
                                          • Opcode ID: 5dc932bfbe778b5f9f58adb29bbaa2a6f04b4cc3457fff6d7c037f87dccbd062
                                          • Instruction ID: 4212ee4382e8ed9df14316c30cf5c620d56bec25a75a93b06bdfcb3eb699bc28
                                          • Opcode Fuzzy Hash: 5dc932bfbe778b5f9f58adb29bbaa2a6f04b4cc3457fff6d7c037f87dccbd062
                                          • Instruction Fuzzy Hash: 3DD05E31514229DBCF41EBD9C405BAD7BA8AB41365FB00465E0087A284DE724E84A766
                                          APIs
                                          • ___security_init_cookie.LIBCMT ref: 6E13A510
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ___security_init_cookie
                                          • String ID:
                                          • API String ID: 3657697845-0
                                          • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                          • Instruction ID: 110c21d8080d13ac8154df50451cb658d7ecf852cb0791b83a1470221149b38d
                                          • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                          • Instruction Fuzzy Hash: 47C09B351443189F8F04CF50F440CDF7719AB54324730D536FC18067509B3195A1F650
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F2DFF
                                          • VariantInit.OLEAUT32(?), ref: 6E0F2E08
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0F2E7E
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F2EB5
                                          • VariantClear.OLEAUT32(?), ref: 6E0F2EC1
                                            • Part of subcall function 6E0FC850: VariantInit.OLEAUT32(?), ref: 6E0FC88F
                                            • Part of subcall function 6E0FC850: VariantInit.OLEAUT32(?), ref: 6E0FC895
                                            • Part of subcall function 6E0FC850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FC8A0
                                            • Part of subcall function 6E0FC850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0FC8D5
                                            • Part of subcall function 6E0FC850: VariantClear.OLEAUT32(?), ref: 6E0FC8E1
                                          • VariantClear.OLEAUT32(?), ref: 6E0F30D5
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F3550
                                          • VariantClear.OLEAUT32(?), ref: 6E0F3563
                                          • VariantClear.OLEAUT32(?), ref: 6E0F3569
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                          • String ID:
                                          • API String ID: 2012514194-0
                                          • Opcode ID: 0c491558d9708f5dd89d0caf3cb451482dcb8f3074a2db38555da29e1a7c30da
                                          • Instruction ID: 830cd00f6e375466a73edb35a1de9ff092307f31e27e7a2753919c4459e71456
                                          • Opcode Fuzzy Hash: 0c491558d9708f5dd89d0caf3cb451482dcb8f3074a2db38555da29e1a7c30da
                                          • Instruction Fuzzy Hash: A3527B71900219DFCB44CFA8C894BDEBBF9BF89710F148599E909AB344DB34A946CF91
                                          APIs
                                          • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6E160634,6E160738,?), ref: 6E0EA119
                                          • GetModuleHandleW.KERNEL32(mscorwks), ref: 6E0EA145
                                          • __cftoe.LIBCMT ref: 6E0EA1FB
                                          • GetModuleHandleW.KERNEL32(?), ref: 6E0EA215
                                          • GetProcAddress.KERNEL32(00000000,00000018), ref: 6E0EA265
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                          • String ID: mscorwks$v2.0.50727$wks
                                          • API String ID: 1312202379-2066655427
                                          • Opcode ID: 9286232a2ff7b3c24be3c6f97cbbb753148202c8766782e4bb29969e4e0e0084
                                          • Instruction ID: dc50b62ba121049d220dd950a432412bb8c3171fb426e45169c5497181b2367b
                                          • Opcode Fuzzy Hash: 9286232a2ff7b3c24be3c6f97cbbb753148202c8766782e4bb29969e4e0e0084
                                          • Instruction Fuzzy Hash: 2C9145B0A042499FDB04DFE8C884A9EBBB5BF4D310F20866DE529EB740D734A945CB95
                                          APIs
                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,E0F806C9,6E158180,00000000,?), ref: 6E12DBFB
                                          • GetLastError.KERNEL32 ref: 6E12DC01
                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6E12DC15
                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6E12DC26
                                          • SetLastError.KERNEL32(00000000), ref: 6E12DC2D
                                            • Part of subcall function 6E12D9D0: GetLastError.KERNEL32(00000010,E0F806C9,7508FC30,?,00000000), ref: 6E12DA1A
                                          • __CxxThrowException@8.LIBCMT ref: 6E12DC78
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                          • API String ID: 3279666080-1159690233
                                          • Opcode ID: 4cc05ff74ed3b1d5429c7aaedb1586d6c336ac8adb4689c0c95f6336e36e975a
                                          • Instruction ID: d67e7d0f5ab4a21c7c286843feb320d0dbf85ca910dd0c1ca2fe78bc49e7e0c1
                                          • Opcode Fuzzy Hash: 4cc05ff74ed3b1d5429c7aaedb1586d6c336ac8adb4689c0c95f6336e36e975a
                                          • Instruction Fuzzy Hash: 5A21F6B1258340AFE710DBA4CC45F9B7BECAF49B54F50092DF5419A3C0EBB5A4849B61
                                          APIs
                                          • IsDebuggerPresent.KERNEL32 ref: 6E13CE6C
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E13CE81
                                          • UnhandledExceptionFilter.KERNEL32(6E159428), ref: 6E13CE8C
                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 6E13CEA8
                                          • TerminateProcess.KERNEL32(00000000), ref: 6E13CEAF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                          • String ID:
                                          • API String ID: 2579439406-0
                                          • Opcode ID: 32661a1821bf431f2a9bd36cc8536c503ca39c02e9ae5c2e5f0819cd11fbfc8c
                                          • Instruction ID: e4390ba5a6b7d89dd1b2ced31b7090a25fcda2471d3206d37cfcc839488ec827
                                          • Opcode Fuzzy Hash: 32661a1821bf431f2a9bd36cc8536c503ca39c02e9ae5c2e5f0819cd11fbfc8c
                                          • Instruction Fuzzy Hash: 462105B4500B24DFCF50EF64D04CA897BB2FB0AB14F20C05AE84A87B48E7704981EF15
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E1324A1
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • std::exception::exception.LIBCMT ref: 6E13248C
                                            • Part of subcall function 6E139533: std::exception::_Copy_str.LIBCMT ref: 6E13954E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                          • String ID:
                                          • API String ID: 757275642-0
                                          • Opcode ID: 0305a42b61e94285762af45e86162495bca8ef5efef91fc2219ae29816e2e926
                                          • Instruction ID: 4edf1af7c4e71a96ae7bda86610319ec3a58f4e8b70319a19e92d99417cc70e0
                                          • Opcode Fuzzy Hash: 0305a42b61e94285762af45e86162495bca8ef5efef91fc2219ae29816e2e926
                                          • Instruction Fuzzy Hash: 9A3290B1A006269FDB44DFE8C490A9EB7B6BF99700B34452CE8169B354E730ED84DBD0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28528f309b9805bc23c1eaef75380becea6680adade7362386e5ab07e8558811
                                          • Instruction ID: 94ddd3e764f1afaa136406f383fe8c0309e7da4b70dce77628439e16e728981c
                                          • Opcode Fuzzy Hash: 28528f309b9805bc23c1eaef75380becea6680adade7362386e5ab07e8558811
                                          • Instruction Fuzzy Hash: 9702BE704187648FCB64CF69C8A097EBBF2EBCA711F41491EE1F653295C334A558EB21
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memmove
                                          • String ID:
                                          • API String ID: 4104443479-0
                                          • Opcode ID: 22fc11565bd5c0bc02c96490fc8e9dc0a40c0ea168b028d4c1521d8a23a14602
                                          • Instruction ID: 6ff1c9a4ad0632a17a51571ba51d13c6a5e2be7a049a86878a78cf1f943ad0f0
                                          • Opcode Fuzzy Hash: 22fc11565bd5c0bc02c96490fc8e9dc0a40c0ea168b028d4c1521d8a23a14602
                                          • Instruction Fuzzy Hash: A6E1C17041C7A48FCB64CB69C8A097E7BF2EBC6611F41850EE1F547299D334A16CEB21
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54a0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HERE$LOOK$G{q$G{q
                                          • API String ID: 0-1799213883
                                          • Opcode ID: 6d5088dfa78c959fff1c1ec2034e09ce75d2d76ca91376e117c5784f827e5495
                                          • Instruction ID: dbc4b2a50e576b3ad1bf3ae9a7d529bd0b6ee3d1870f84dd987493d7070db4d3
                                          • Opcode Fuzzy Hash: 6d5088dfa78c959fff1c1ec2034e09ce75d2d76ca91376e117c5784f827e5495
                                          • Instruction Fuzzy Hash: A6F1B075E452298FDBA4CF69C988BD9B7F2BB58310F1082E6D40DA7355DB30AE818F50
                                          APIs
                                          • CryptGenRandom.ADVAPI32(?,?,?,E0F806C9,00000000), ref: 6E12DE6F
                                          • __CxxThrowException@8.LIBCMT ref: 6E12DEB9
                                            • Part of subcall function 6E12DD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6E14F0E6,000000FF,6E12DF67,00000000,?), ref: 6E12DDB4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Crypt$ContextException@8RandomReleaseThrow
                                          • String ID: CryptGenRandom
                                          • API String ID: 1047471967-3616286655
                                          • Opcode ID: 7bade80a87e9e7813a5e124215479404aaeb7a37fc8aace80baacd2f2e83cb8f
                                          • Instruction ID: 59ad21bfaafbd17202b99e04ba6ce79b6667529683cacc7f547f09ff62b0f7c2
                                          • Opcode Fuzzy Hash: 7bade80a87e9e7813a5e124215479404aaeb7a37fc8aace80baacd2f2e83cb8f
                                          • Instruction Fuzzy Hash: 96214D715187409FC700DF64C844B9BBBE9BF89B28F108A1DF46587384E775A588DF92
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memmove
                                          • String ID:
                                          • API String ID: 4104443479-0
                                          • Opcode ID: 5b6e59a2ef6e70d4e64f2cc1d282c14b8ae1c036868238f17f3e690d3c4fba2d
                                          • Instruction ID: 76c50afc18e9400ccbd6133df5f8899e175e46836948edef73648bbd03cff9cf
                                          • Opcode Fuzzy Hash: 5b6e59a2ef6e70d4e64f2cc1d282c14b8ae1c036868238f17f3e690d3c4fba2d
                                          • Instruction Fuzzy Hash: 125243B01186698FC744CF29C4A1926BBE2EFCA311764C56DD4D68B39AC330F5D1EBA0
                                          APIs
                                          • GetLastError.KERNEL32(00000010,E0F806C9,7508FC30,?,00000000), ref: 6E12DA1A
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ErrorLastXinvalid_argumentstd::_
                                          • String ID: operation failed with error $OS_Rng:
                                          • API String ID: 406877150-700108173
                                          • Opcode ID: 48fce604d20bb752a7cf76abdf8dabe63d69b87e967bc9ff7778c6bb1dac57db
                                          • Instruction ID: 52d2d2a08774d727a18f8a1a5f3f1e6096de13d248707eb70dbc8e5ce74aae96
                                          • Opcode Fuzzy Hash: 48fce604d20bb752a7cf76abdf8dabe63d69b87e967bc9ff7778c6bb1dac57db
                                          • Instruction Fuzzy Hash: 17417DB1508390AFD321CFA9C891B9BBBE8BF99744F104D2DE19987340DB759488DB63
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Hgq$$cq$$cq
                                          • API String ID: 0-2948965698
                                          • Opcode ID: 31172ea690b86c79f43e854831b05a4fc5c2c60c5d3ae394d3709013f981776b
                                          • Instruction ID: 5154298e334e31d3aa8ca9fbedc77d9014a8f8e875b0d7967e675eafe0557fa3
                                          • Opcode Fuzzy Hash: 31172ea690b86c79f43e854831b05a4fc5c2c60c5d3ae394d3709013f981776b
                                          • Instruction Fuzzy Hash: 18B16D74F042598BCB44DFAAD4542BEBBF6BF88308F15842AD616E7355DB348D01CB98
                                          APIs
                                          • std::exception::exception.LIBCMT ref: 6E131E1D
                                            • Part of subcall function 6E139533: std::exception::_Copy_str.LIBCMT ref: 6E13954E
                                          • __CxxThrowException@8.LIBCMT ref: 6E131E32
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                          • String ID:
                                          • API String ID: 757275642-0
                                          • Opcode ID: b2e71a34f35131f265d4eb1ff67b0fb181379af8d50c2019e717bb9881354d30
                                          • Instruction ID: 35e2d0f331b3a97c356aca2e7a1cc54bb693b07fdceaa68c3491188a34dc3210
                                          • Opcode Fuzzy Hash: b2e71a34f35131f265d4eb1ff67b0fb181379af8d50c2019e717bb9881354d30
                                          • Instruction Fuzzy Hash: A9329F71B006169FDB48DFD9C8909AEB3BABF89700B34452DE5169B354EB30ED84DB90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4|hq$4|hq
                                          • API String ID: 0-2328431178
                                          • Opcode ID: f85743576b45598b718f0de4f26fc3153bcb5fba688b27616accf2cffec4f046
                                          • Instruction ID: e3dfb12e2c380b67fb36c82f175d1bc5e89ab84ca78ec3442fc170756d12a056
                                          • Opcode Fuzzy Hash: f85743576b45598b718f0de4f26fc3153bcb5fba688b27616accf2cffec4f046
                                          • Instruction Fuzzy Hash: C3C1E931F00215CFCB59DF29C0A4BAA7BE2AF85304B1B8499D6469B365CB31DC81CB99
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Xgq$$cq
                                          • API String ID: 0-2122769152
                                          • Opcode ID: 1bfb1d5e54ad7ca04d6d9c89e3bae8cbaa3f2ee1cb8d4ea071fdc6827622ef90
                                          • Instruction ID: 119f6fd017b04af6556c6a48d04452ae0a2e22065823d8b0cee67c8c53734cca
                                          • Opcode Fuzzy Hash: 1bfb1d5e54ad7ca04d6d9c89e3bae8cbaa3f2ee1cb8d4ea071fdc6827622ef90
                                          • Instruction Fuzzy Hash: DF91AF75B00218DBCB589B78945467E7BB3BFC8780B06862DE55AE7398CE34DC02CB95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f7b382ed9e705cb6476deda40f3ab032603918dd531fa90dcf228c99e21e48b
                                          • Instruction ID: 9cb420b679ce6d5cfa8121af8fdb469bbff08fe230d9a3887b02368ac27ac2db
                                          • Opcode Fuzzy Hash: 0f7b382ed9e705cb6476deda40f3ab032603918dd531fa90dcf228c99e21e48b
                                          • Instruction Fuzzy Hash: 0C3235A1E68F418DDB639634C832326635DAFB73D4F11C727E829B5E99EB29C4C36101
                                          APIs
                                            • Part of subcall function 6E0D4760: __CxxThrowException@8.LIBCMT ref: 6E0D47F9
                                          • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6E12DF7B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextCryptException@8ReleaseThrow
                                          • String ID:
                                          • API String ID: 3140249258-0
                                          • Opcode ID: 8ed1e511ad3c4fa34374a3e5f9bca57886343434f3a7f73016f8960881950e5d
                                          • Instruction ID: 6da62764befc9a35ed2cf807f6538ff12edfae91dbdc3f2a7e5d0e5264ec5dde
                                          • Opcode Fuzzy Hash: 8ed1e511ad3c4fa34374a3e5f9bca57886343434f3a7f73016f8960881950e5d
                                          • Instruction Fuzzy Hash: 0721B3B5508344AFC340DF54C840B8BBBE8EF9A768F100A2DF84593381D771E589CBA6
                                          APIs
                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6E14F0E6,000000FF,6E12DF67,00000000,?), ref: 6E12DDB4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextCryptRelease
                                          • String ID:
                                          • API String ID: 829835001-0
                                          • Opcode ID: ea43b8b92d67fe99aedaee8a81f95609448ce86bc862dfbc9b45a5d62b88e90e
                                          • Instruction ID: 2f32c89260fe70d535f674339367b8c6adcf14a3c8a6c7793c9fdecec45a8a0d
                                          • Opcode Fuzzy Hash: ea43b8b92d67fe99aedaee8a81f95609448ce86bc862dfbc9b45a5d62b88e90e
                                          • Instruction Fuzzy Hash: 1511B4B1608B619FEB10CF98CC84B5673E8FB05B10F28493DED15C7384EB799884AB91
                                          APIs
                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6E12D803
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextCryptRelease
                                          • String ID:
                                          • API String ID: 829835001-0
                                          • Opcode ID: 47f9ced5c51ad5f78d535b95fba484457e3a82d58bc4f957b3ce34ad5a5e1f25
                                          • Instruction ID: 0a25ccfc0ff0fdfce2530719b4f8a53b5ab54f5acf54a28d08c9871f62b35be7
                                          • Opcode Fuzzy Hash: 47f9ced5c51ad5f78d535b95fba484457e3a82d58bc4f957b3ce34ad5a5e1f25
                                          • Instruction Fuzzy Hash: B6D02EB07003211BD2209AA4CC00B8777CC0F20B00F248838F95ED2280C6B0C8C0ABD4
                                          APIs
                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6E1535F5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextCryptRelease
                                          • String ID:
                                          • API String ID: 829835001-0
                                          • Opcode ID: c34b27a1e3e9e086630681729da274693ce2235770948fa3c895bc723d2893a1
                                          • Instruction ID: 8dde45d483de311eba469fe559dfbbd5d56d478ff11c481916d3b264aa2f70ba
                                          • Opcode Fuzzy Hash: c34b27a1e3e9e086630681729da274693ce2235770948fa3c895bc723d2893a1
                                          • Instruction Fuzzy Hash: 41D0A7F150162257FF51CEA4DC19F8633DC5B12640F2C0014F524C7288DF74D991EB64
                                          APIs
                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6E12D7E0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ContextCryptRelease
                                          • String ID:
                                          • API String ID: 829835001-0
                                          • Opcode ID: 8ae1258a183dbe66f51cd636dae96737d08f317ef66296b29f8f11ba34ba3849
                                          • Instruction ID: da5fb4a231a5f0d3353b75ac411da9b9375a6dab2f26fab25acf8850ccb47e96
                                          • Opcode Fuzzy Hash: 8ae1258a183dbe66f51cd636dae96737d08f317ef66296b29f8f11ba34ba3849
                                          • Instruction Fuzzy Hash: 5FB012F0A113011AFD681B114E1875D15009F01609F3008183506A00408368D8407508
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: ca7acf1c51f96ad49a47fdd901b1677f1c44465e397fc8120bc37ebd8b8058f3
                                          • Instruction ID: e18317a461aed9dd5d2206e3e6d9107040182bb92daf10128407c18de5ed0a95
                                          • Opcode Fuzzy Hash: ca7acf1c51f96ad49a47fdd901b1677f1c44465e397fc8120bc37ebd8b8058f3
                                          • Instruction Fuzzy Hash: A6917D71818B868BE701CF6DC8825AAB7A0FFD9354F149B2DFDD462200EB749584C782
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: N@
                                          • API String ID: 0-1509896676
                                          • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                          • Instruction ID: 555a31599c4c31bc24c76a848e7e85d723d1de8ac11b2565420de5a01f7c64ae
                                          • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                          • Instruction Fuzzy Hash: 67613871A00316CFEB19CF88C49469EBBB2BF84710F26C5AED9195F351C7B19998DB80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'cq
                                          • API String ID: 0-182294849
                                          • Opcode ID: 41ffcf2caaec52d756ec680aabecbef52040ee9674f76c348c2b56e8d677a69a
                                          • Instruction ID: 9b223c2facb044c8bf47596cb0a51614dc21325519dffc2473563f2b7ca1f3b3
                                          • Opcode Fuzzy Hash: 41ffcf2caaec52d756ec680aabecbef52040ee9674f76c348c2b56e8d677a69a
                                          • Instruction Fuzzy Hash: 1471ECB09006098FDB49DFBAE84069ABFF2FF88304F54C539D025AB369DB795845DB90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'cq
                                          • API String ID: 0-182294849
                                          • Opcode ID: fe74c6540d7e62007fa370fb4b75d187f41996ee0c57f694d48c32a5affb070b
                                          • Instruction ID: e4029121e6862ec8879a6d0b1f5bf07c29184acc68967dabc3772cf906f8c2f0
                                          • Opcode Fuzzy Hash: fe74c6540d7e62007fa370fb4b75d187f41996ee0c57f694d48c32a5affb070b
                                          • Instruction Fuzzy Hash: 0D71DAB0A006098FDB49DFBAE84069ABFF2FF88304F54C539D025AB269DB795845DB50
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 762bafddbdb15f74d9bbbdc72c3d6f25c6634c1525734cfed01f65a83827ae4b
                                          • Instruction ID: 3ca58fa7129d5b2e5c8c425b2f58c925c5be5ce5ee3d0ba0616ec00cc349a128
                                          • Opcode Fuzzy Hash: 762bafddbdb15f74d9bbbdc72c3d6f25c6634c1525734cfed01f65a83827ae4b
                                          • Instruction Fuzzy Hash: 37518371818B868BE711CF6DC8825AAF7A0BFE5344F20DB2DFDD462601EB758584D782
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: ab31d30b10002834dd80908612962ec80bbbe9655db30bdb273920597ba60174
                                          • Instruction ID: 5eb093046c20d328c1c79949c647df7c88472c790d93ac065036f823a671f697
                                          • Opcode Fuzzy Hash: ab31d30b10002834dd80908612962ec80bbbe9655db30bdb273920597ba60174
                                          • Instruction Fuzzy Hash: 2D517271818B868BE701CF6DC8825AAF7A0BFE5344F20DB2DFDD462601EB758584D782
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: lhq
                                          • API String ID: 0-1723968774
                                          • Opcode ID: b8e9fd5ee4cf6a084eb5fefdbd3768c49c57005b13cd6b659b5696b24b86bf2c
                                          • Instruction ID: 3248a9b259981a623c2b9c2815b126684910bdc59e4b2a2633eab0182136bfdd
                                          • Opcode Fuzzy Hash: b8e9fd5ee4cf6a084eb5fefdbd3768c49c57005b13cd6b659b5696b24b86bf2c
                                          • Instruction Fuzzy Hash: 1231C675E01208AFDB04DFA9D440AEEBBB5FF49310F109069E911B7260DB719A44CFA5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: lhq
                                          • API String ID: 0-1723968774
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6ad3420156cb6e6b1f09141bde9fa4ba1c08e20b190f12d97162f28f55612fc
                                          • Instruction ID: 9d9978ae30610f32bdbfd42f245d05cf6bc37cb95d982010a0a6e1fbee6bb0f0
                                          • Opcode Fuzzy Hash: e6ad3420156cb6e6b1f09141bde9fa4ba1c08e20b190f12d97162f28f55612fc
                                          • Instruction Fuzzy Hash: 6531CAB9D04258DFCB10CFA9D984AEEFBF4AB49310F14905AE415B7240D738A949CF64
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b6465fd2e9a1137427d129f1eb900cd06b3de6044131ed6dd0250d87f1c3d713
                                          • Instruction ID: d5d9ec056e67b94cb4a2ce80d0f70386f70889d9f7af9f446348a29ab0df3bc3
                                          • Opcode Fuzzy Hash: b6465fd2e9a1137427d129f1eb900cd06b3de6044131ed6dd0250d87f1c3d713
                                          • Instruction Fuzzy Hash: BA31C775E01209AFDB04CFA9D480AEEBBB5FF49310F109069E911B7360DB709A04CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2038228184.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2df0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f17f8093d1234d5e11be7e5feb318ba688674922c2dd94992b61679e3a90951e
                                          • Instruction ID: ca58ecd6e12706bce8903b7e6a5023e5c762a353781014f44a994b213b2ae567
                                          • Opcode Fuzzy Hash: f17f8093d1234d5e11be7e5feb318ba688674922c2dd94992b61679e3a90951e
                                          • Instruction Fuzzy Hash: 8E31C7B5E012089FDB04CFA9D440AEEBBB5FF49310F109069E911B7360DB719A04CF95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                          • Instruction ID: 214c0046ebfdc1117554bf9c9e5c408f98e86d7fa9de341354f9709d95af27b1
                                          • Opcode Fuzzy Hash: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                          • Instruction Fuzzy Hash: 1C21E7367155534BE705CE2ED8908A6B7A7EF8D31471D81F9E808CB283CA70E916C7D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                          • Instruction ID: 0cde919a6b2a04368dfa53ec590402ed56d4d326d8999c2573cd4d9271e6c56f
                                          • Opcode Fuzzy Hash: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                          • Instruction Fuzzy Hash: F7219F757046874BE715CF2EC84059BBBA3EFD9310B1A80B7E858DB242C674E866CBD0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                          • Instruction ID: c80b95a666d233b861a40461aee8ffdaa188da57853212599e23c2f58252a354
                                          • Opcode Fuzzy Hash: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                          • Instruction Fuzzy Hash: 8311E935709B430BF304CE6EE880583B793AFCD32475A85AEA454DF146C771E41AC781
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                          • Instruction ID: 958688d64b3fb265ae6283e295fbbdbe90669f8d05abd1232cd565dbc221b279
                                          • Opcode Fuzzy Hash: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                          • Instruction Fuzzy Hash: 83110631A157964BD7018E2DC8406C6BBB7AFCE710B1A81EAE854DF217C774982BC7D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2051527121.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5ba0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b7d8bac053f19ebcc01183e6163c04606930d6b5c77b3901fc0845c0720df2f
                                          • Instruction ID: ac8823d569f93858e3a719109ea20b48a6cee03c4ff286a2fa1967470c4565ae
                                          • Opcode Fuzzy Hash: 6b7d8bac053f19ebcc01183e6163c04606930d6b5c77b3901fc0845c0720df2f
                                          • Instruction Fuzzy Hash: DC21AAB9D05218DFCB20CFA9D984AEEBBF4EB49310F24905AE818B3351C735A905CF64
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e493728e9728076c69b9a35793f3276b2110232aa8bc7a1717f3c239621cdfb
                                          • Instruction ID: 58f91fd4f4409196e974216054225b6661a48f90337bb95f85b72f3a47513649
                                          • Opcode Fuzzy Hash: 4e493728e9728076c69b9a35793f3276b2110232aa8bc7a1717f3c239621cdfb
                                          • Instruction Fuzzy Hash: 971152B2908609EFC714CF59D841B9AFBF5FB44720F20822EE819D7780D7356950CB90
                                          APIs
                                          • operator+.LIBCMT ref: 6E146FCC
                                            • Part of subcall function 6E144147: DName::DName.LIBCMT ref: 6E14415A
                                            • Part of subcall function 6E144147: DName::operator+.LIBCMT ref: 6E144161
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: NameName::Name::operator+operator+
                                          • String ID:
                                          APIs
                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ECA5
                                          • __mtterm.LIBCMT ref: 6E13ECB1
                                            • Part of subcall function 6E13E97C: DecodePointer.KERNEL32(00000012,6E13A397,6E13A37D,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13E98D
                                            • Part of subcall function 6E13E97C: TlsFree.KERNEL32(0000000A,6E13A397,6E13A37D,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13E9A7
                                            • Part of subcall function 6E13E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6E13A397,6E13A37D,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E142325
                                            • Part of subcall function 6E13E97C: DeleteCriticalSection.KERNEL32(0000000A,?,?,6E13A397,6E13A37D,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E14234F
                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6E13ECC7
                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6E13ECD4
                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6E13ECE1
                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6E13ECEE
                                          • TlsAlloc.KERNEL32(?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ED3E
                                          • TlsSetValue.KERNEL32(00000000,?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ED59
                                          • __init_pointers.LIBCMT ref: 6E13ED63
                                          • EncodePointer.KERNEL32(?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ED74
                                          • EncodePointer.KERNEL32(?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ED81
                                          • EncodePointer.KERNEL32(?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ED8E
                                          • EncodePointer.KERNEL32(?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13ED9B
                                          • DecodePointer.KERNEL32(Function_0006EB00,?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13EDBC
                                          • __calloc_crt.LIBCMT ref: 6E13EDD1
                                          • DecodePointer.KERNEL32(00000000,?,?,6E13A2D4,6E1695C0,00000008,6E13A468,?,?,?,6E1695E0,0000000C,6E13A523,?), ref: 6E13EDEB
                                          • GetCurrentThreadId.KERNEL32 ref: 6E13EDFD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: _memmove$Xinvalid_argumentstd::_
                                          • String ID: invalid string position$string too long
                                          APIs
                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6E147FFF
                                          • DName::operator=.LIBCMT ref: 6E148013
                                          • DName::operator+=.LIBCMT ref: 6E148021
                                          • UnDecorator::getPtrRefType.LIBCMT ref: 6E14804D
                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 6E1480CA
                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6E1480D3
                                          • operator+.LIBCMT ref: 6E148166
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                          • String ID: std::nullptr_t$volatile
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F5177
                                            • Part of subcall function 6E102820: _malloc.LIBCMT ref: 6E102871
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6E0F51B9
                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6E0F51D5
                                          • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6E0F51E5
                                          • _memmove.LIBCMT ref: 6E0F51FF
                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6E0F5208
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0F522C
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E0F5263
                                          • VariantClear.OLEAUT32(?), ref: 6E0F526C
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6E0F52AD
                                          • VariantClear.OLEAUT32(?), ref: 6E0F52B6
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6E0F52D2
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F534E
                                          • VariantClear.OLEAUT32(?), ref: 6E0F5358
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                          • String ID:
                                          • API String ID: 452649785-0
                                          • Opcode ID: fc72a7845dc32ca5049e2de9c854287cb6bdfb184a9ffedee4ad2166a18f6cf2
                                          • Instruction ID: bdee3e31263dde2eb5899fce59f21b2b893a9eb0da3463e1df48703944291f5d
                                          • Opcode Fuzzy Hash: fc72a7845dc32ca5049e2de9c854287cb6bdfb184a9ffedee4ad2166a18f6cf2
                                          • Instruction Fuzzy Hash: E8711AB5A0061AEBDB00CFA9C884BEFBBB8FF59354F108119E91597240D774E956CBA0
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0EFA0F
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0EFA22
                                          • SafeArrayGetElement.OLEAUT32 ref: 6E0EFA5A
                                            • Part of subcall function 6E0F3A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F3B71
                                            • Part of subcall function 6E0F3A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F3B83
                                            • Part of subcall function 6E0F69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0F6A08
                                            • Part of subcall function 6E0F69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F6A15
                                            • Part of subcall function 6E0F69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F6A41
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                            • Part of subcall function 6E0EDFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0EDFF6
                                            • Part of subcall function 6E0EDFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0EE003
                                            • Part of subcall function 6E0EDFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0EE02F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$Bound$Destroy$Element
                                          • String ID: RS7m$RS{m
                                          • API String ID: 959723449-144615663
                                          • Opcode ID: eb38f4df922489995bb3aec6efdb2abcfc1ecd9a750f65b69f8ea7a46ddd70aa
                                          • Instruction ID: 568601eba350b649eae84f13cbe0818074da025209b406bdb6e0e6a70244fb64
                                          • Opcode Fuzzy Hash: eb38f4df922489995bb3aec6efdb2abcfc1ecd9a750f65b69f8ea7a46ddd70aa
                                          • Instruction Fuzzy Hash: C5C15FB0A00205DFDB54CFA8CD90F9DB7BDAF85304F2445A8E945AB286DB75E981CF50
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Variant$Init$Clear$Copy
                                          • String ID:
                                          • API String ID: 3833040332-0
                                          • Opcode ID: 0a055058256c95cdbd326ec8fe19e307a41b724799262d71bd6e2a7ffac46d5e
                                          • Instruction ID: 420536cbe117ea950cd03573732b80fc7c9d106523f36221d82145f2b4202821
                                          • Opcode Fuzzy Hash: 0a055058256c95cdbd326ec8fe19e307a41b724799262d71bd6e2a7ffac46d5e
                                          • Instruction Fuzzy Hash: B6814CB1900219EFDB04DFE8C884FEEBBB9BF49314F144559E905AB240DB35A916CB91
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0FD8EC
                                          • VariantInit.OLEAUT32 ref: 6E0FD902
                                          • VariantInit.OLEAUT32(?), ref: 6E0FD90D
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E0FD929
                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6E0FD966
                                          • VariantClear.OLEAUT32(?), ref: 6E0FD973
                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6E0FD9B4
                                          • VariantClear.OLEAUT32(?), ref: 6E0FD9C1
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FDA6F
                                          • VariantClear.OLEAUT32(?), ref: 6E0FDA80
                                          • VariantClear.OLEAUT32(?), ref: 6E0FDA87
                                          • VariantClear.OLEAUT32(?), ref: 6E0FDA99
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                          • String ID:
                                          • API String ID: 1625659656-0
                                          • Opcode ID: 73b5856a772a6793634ee7861e4b353211fe8d9a01af310b825d9aa80dc11638
                                          • Instruction ID: 31c2d875faa2236f140c4129e431795047886421afb2777a8d59fe366a008108
                                          • Opcode Fuzzy Hash: 73b5856a772a6793634ee7861e4b353211fe8d9a01af310b825d9aa80dc11638
                                          • Instruction Fuzzy Hash: 64811572208702DFC700CFA4C884B5AB7E8BF89714F048A5DE9959B250E774E916CF92
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                          • String ID: invalid string position$string too long
                                          • API String ID: 2168136238-4289949731
                                          • Opcode ID: 61f1305257c28a363950aee4cfc8407ba14091d4252eb46349e0a975208fda50
                                          • Instruction ID: f2db60c5089030e48f648002b0519c496eac0bd11e874aa7e8326f1c0bfab561
                                          • Opcode Fuzzy Hash: 61f1305257c28a363950aee4cfc8407ba14091d4252eb46349e0a975208fda50
                                          • Instruction Fuzzy Hash: 9C4173713002159FE714CFEDD890B9EB3AAEB89354764093EE4A2CBF45D770D88987A1
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F4BDC
                                          • VariantInit.OLEAUT32(?), ref: 6E0F4BE5
                                          • VariantInit.OLEAUT32(?), ref: 6E0F4BEB
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0F4BF6
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F4C2A
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4C37
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F5107
                                          • VariantClear.OLEAUT32(?), ref: 6E0F5117
                                          • VariantClear.OLEAUT32(?), ref: 6E0F511D
                                          • VariantClear.OLEAUT32(?), ref: 6E0F5123
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 2515392200-0
                                          • Opcode ID: ec7cc0080c02e614e2659f995749b4c0bfdbee430f8b85e6844c87d8ff8338d7
                                          • Instruction ID: b738a3f09bd278dc00e4bf2c57bef7514c1521ecdba8e9e78661cb228a4fef0a
                                          • Opcode Fuzzy Hash: ec7cc0080c02e614e2659f995749b4c0bfdbee430f8b85e6844c87d8ff8338d7
                                          • Instruction Fuzzy Hash: DE12D675615705AFC758DBD8DD84DAAB3B9BF8D300F148668F90A9BB91CA30F841CB90
                                          APIs
                                          • VariantInit.OLEAUT32(6E1505A8), ref: 6E0F49EE
                                          • VariantInit.OLEAUT32(?), ref: 6E0F49F7
                                          • VariantInit.OLEAUT32(?), ref: 6E0F49FD
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0F4A08
                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6E0F4A39
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4A45
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F4B66
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4B76
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4B7C
                                          • VariantClear.OLEAUT32(6E1505A8), ref: 6E0F4B82
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 2515392200-0
                                          • Opcode ID: 4cf86fc9bbe6878f68f810841ebe9eb85e0ca46ea65bb28da9ca15a8e612134b
                                          • Instruction ID: 659670d9cf198761289baf1fbcde32e6b4f82403b3b9e8f9af65ff6ba64bedb3
                                          • Opcode Fuzzy Hash: 4cf86fc9bbe6878f68f810841ebe9eb85e0ca46ea65bb28da9ca15a8e612134b
                                          • Instruction Fuzzy Hash: 77513DB2A00219EFDB04DFA4CD84FAEB7B8FF89310F044559E915EB245D735A902CBA0
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F480C
                                          • VariantInit.OLEAUT32(?), ref: 6E0F4815
                                          • VariantInit.OLEAUT32(?), ref: 6E0F481B
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0F4826
                                          • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6E0F485B
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4868
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0F4974
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4984
                                          • VariantClear.OLEAUT32(?), ref: 6E0F498A
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4990
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 2515392200-0
                                          • Opcode ID: 53924adee7a18d40a6b273f2f7366eaf6e1404b164a23a26cfd81abf82a7af2c
                                          • Instruction ID: 4b6135dfa292966fd67ffd4eacf8c175d102c7761c9e87d1dee09679259f1a55
                                          • Opcode Fuzzy Hash: 53924adee7a18d40a6b273f2f7366eaf6e1404b164a23a26cfd81abf82a7af2c
                                          • Instruction Fuzzy Hash: 87513DB2904249EFDB14DFE4CD84EAEB7B9FF89310F14456DE906AB640D730A906CB90
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0EDD00
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6E0EDD10
                                          • SafeArrayPutElement.OLEAUT32(00000000,6E0F2FFF,?), ref: 6E0EDD47
                                          • VariantClear.OLEAUT32(?), ref: 6E0EDD4F
                                          • SafeArrayPutElement.OLEAUT32(00000000,6E0F2FFF,?), ref: 6E0EDD6D
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6E0EDDA4
                                          • VariantClear.OLEAUT32(?), ref: 6E0EDDAC
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0EDE16
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0EDE27
                                          • VariantClear.OLEAUT32(?), ref: 6E0EDE31
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                          • String ID:
                                          • API String ID: 3525949229-0
                                          • Opcode ID: 93e11c39dab46146d137a29b26c12cd8ee018687aa1e54a03f52bacc8c43fb9d
                                          • Instruction ID: f333a0e1ad26aa7a668a60e770cc0f48a6ebc0615585a59397bdf5748e0baa55
                                          • Opcode Fuzzy Hash: 93e11c39dab46146d137a29b26c12cd8ee018687aa1e54a03f52bacc8c43fb9d
                                          • Instruction Fuzzy Hash: 22515D75A00609AFDB00DFA4D898FDEBBB8FF99700F108129EA1597714DB34A901CFA0
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E10C213
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                          • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                          • API String ID: 1823113695-1254974138
                                          • Opcode ID: 40fc02f4f3436877f566211d31084dd30553a8e15663b762fb9d7cc1f3eec76c
                                          • Instruction ID: c4d13c2c4f65d3e62eef97d114338f94e0227d3dcc0a966b6cd2a0b7dfb48826
                                          • Opcode Fuzzy Hash: 40fc02f4f3436877f566211d31084dd30553a8e15663b762fb9d7cc1f3eec76c
                                          • Instruction Fuzzy Hash: 92916871A00209AFC718CF99DC90EEEB7B9EB88314F14861DE555DB744DB70BA44CB91
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                          • String ID: invalid string position$string too long
                                          • API String ID: 2168136238-4289949731
                                          • Opcode ID: 4b1f09f37d81845e92e9bcae9077029d4165db93b337cb6d27f8647bbbc77451
                                          • Instruction ID: 92a50e27f0850d1877cb7b07258c730e9934d10432f02eae3c2f7c509fa2bdac
                                          • Opcode Fuzzy Hash: 4b1f09f37d81845e92e9bcae9077029d4165db93b337cb6d27f8647bbbc77451
                                          • Instruction Fuzzy Hash: C35192323181059FD724CE9CD890B5EB3EADB89354B20893AE895C7B88EF70E8518791
                                          APIs
                                          • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6E101C5E
                                          • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6E101C69
                                          • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6E101CA2
                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6E101CC1
                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6E101CCC
                                          • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6E101D0A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: AddressHandleLibraryLoadModuleProc
                                          • String ID: User32.dll$kernel32.dll
                                          • API String ID: 310444273-1965990335
                                          • Opcode ID: 672353cf081edbe0c56580ae0a7a0e8294b672567fa0993695097d232f6ba8d5
                                          • Instruction ID: 5fdd42f7b237f0b0acec3413c804b8a67b563930f32d9091ce12cab1c939b7e4
                                          • Opcode Fuzzy Hash: 672353cf081edbe0c56580ae0a7a0e8294b672567fa0993695097d232f6ba8d5
                                          • Instruction Fuzzy Hash: C8615074200B019FC760CF98C591B6BBBF2FB45314F608958D5968BB42DB36EC8ADB41
                                          APIs
                                          • UnDecorator::getArgumentList.LIBCMT ref: 6E14442E
                                            • Part of subcall function 6E143FC9: Replicator::operator[].LIBCMT ref: 6E14404C
                                            • Part of subcall function 6E143FC9: DName::operator+=.LIBCMT ref: 6E144054
                                          • DName::operator+.LIBCMT ref: 6E144487
                                          • DName::DName.LIBCMT ref: 6E1444DF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                          • API String ID: 834187326-2211150622
                                          • Opcode ID: cb8f79654c5d8e2a1c7766c4139caba3a65839ebcc8b7b8dac63e719fe6124d5
                                          • Instruction ID: 8f520f8d4b28f840f0dcd4f486c609b54b2b2cea9c76c4d57b632271ef84ff6b
                                          • Opcode Fuzzy Hash: cb8f79654c5d8e2a1c7766c4139caba3a65839ebcc8b7b8dac63e719fe6124d5
                                          • Instruction Fuzzy Hash: D021C5B0204509DFCF01CF98C4949A97BF5EB5A789B14C195E865DF356CB30D983EB50
                                          APIs
                                          • UnDecorator::UScore.LIBCMT ref: 6E145D40
                                          • DName::DName.LIBCMT ref: 6E145D4C
                                            • Part of subcall function 6E143B3B: DName::doPchar.LIBCMT ref: 6E143B6C
                                          • UnDecorator::getScopedName.LIBCMT ref: 6E145D8B
                                          • DName::operator+=.LIBCMT ref: 6E145D95
                                          • DName::operator+=.LIBCMT ref: 6E145DA4
                                          • DName::operator+=.LIBCMT ref: 6E145DB0
                                          • DName::operator+=.LIBCMT ref: 6E145DBD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                          • String ID: void
                                          • API String ID: 1480779885-3531332078
                                          • Opcode ID: 5ab51e58ab26e54242e051da80388a816a8c99e66d80e210d0f6f19300b1f4a6
                                          • Instruction ID: 00f877dfce703fe9769d15b9c967e39eb9c7a3ecc31fc906ccb51191538e630f
                                          • Opcode Fuzzy Hash: 5ab51e58ab26e54242e051da80388a816a8c99e66d80e210d0f6f19300b1f4a6
                                          • Instruction Fuzzy Hash: 721182B1504204EFDB05EBE8C89CBED7BB4AF11705F104498E4699B391DB70AAC7EB41
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0FC88F
                                          • VariantInit.OLEAUT32(?), ref: 6E0FC895
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FC8A0
                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E0FC8D5
                                          • VariantClear.OLEAUT32(?), ref: 6E0FC8E1
                                          • std::tr1::_Xweak.LIBCPMT ref: 6E0FCB1C
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FCB39
                                          • VariantClear.OLEAUT32(?), ref: 6E0FCB49
                                          • VariantClear.OLEAUT32(?), ref: 6E0FCB4F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                          • String ID:
                                          • API String ID: 1774866819-0
                                          • Opcode ID: 442e7d3470bf5d14e16acbd028399b15a796ffb967184e14bfbbdb6dcf93c627
                                          • Instruction ID: a4ec218efae8038e2da466d2f0634145e367f5a68bed1e324c340d15e1cc6b93
                                          • Opcode Fuzzy Hash: 442e7d3470bf5d14e16acbd028399b15a796ffb967184e14bfbbdb6dcf93c627
                                          • Instruction Fuzzy Hash: 2CB12875600649EFCB14DFA8C884EEAB7F5BF8D310F15856CE906AB791DA34B841CB60
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0F3F7B
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F3F8D
                                          • VariantInit.OLEAUT32(?), ref: 6E0F3FB7
                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F3FD0
                                          • VariantClear.OLEAUT32(?), ref: 6E0F40C9
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4105
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F4123
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4157
                                          • VariantClear.OLEAUT32(?), ref: 6E0F4168
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                          • String ID:
                                          • API String ID: 758290628-0
                                          • Opcode ID: d59e4759fdc866c97e15878a69c26bb9c2ed8a3892b1bac2e212e6c51b543e0c
                                          • Instruction ID: 7d550765ce5c2c6215b42073020bcd2207247efe71530244e1f4d0dff8039c90
                                          • Opcode Fuzzy Hash: d59e4759fdc866c97e15878a69c26bb9c2ed8a3892b1bac2e212e6c51b543e0c
                                          • Instruction Fuzzy Hash: 35716B76108342EFC700DFA8C8C4A5BBBE8BBD9350F144A2DF99587250D735E95ACB92
                                          APIs
                                          • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,E0F806C9), ref: 6E0DFC98
                                          • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,E0F806C9), ref: 6E0DFCAD
                                          • CloseHandle.KERNEL32(?,?,?,00000000,E0F806C9), ref: 6E0DFCB7
                                          • SetLastError.KERNEL32(00000000,?,?,00000000,E0F806C9), ref: 6E0DFCBA
                                          • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,E0F806C9), ref: 6E0DFD01
                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,E0F806C9), ref: 6E0DFD14
                                          • GetLastError.KERNEL32(?,?,00000000,E0F806C9), ref: 6E0DFD2A
                                          • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,E0F806C9), ref: 6E0DFD6B
                                          • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,E0F806C9), ref: 6E0DFD98
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                          • String ID:
                                          • API String ID: 1303881157-0
                                          • Opcode ID: 1afc6115176b9239d98cd6745a1a61da1e283e618c522279557e5a1fcfffe4ee
                                          • Instruction ID: e77458848406e497ebe4e7c2f8e6de83c800f80b4781d247f104883b54284e20
                                          • Opcode Fuzzy Hash: 1afc6115176b9239d98cd6745a1a61da1e283e618c522279557e5a1fcfffe4ee
                                          • Instruction Fuzzy Hash: 1C51B6B5604302AFDB008FB4CC95B9A77E9AF493A4F25C659EC15CF2C5D770D81A8BA0
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E1342DD
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E134363
                                          • _memmove.LIBCMT ref: 6E134381
                                          • _memmove.LIBCMT ref: 6E1343E6
                                          • _memmove.LIBCMT ref: 6E134453
                                          • _memmove.LIBCMT ref: 6E134474
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                          • String ID: vector<T> too long
                                          • API String ID: 4034224661-3788999226
                                          • Opcode ID: 2a8664f6c7f1123078a6631c7af58a7e0e5c2824e4b614e971cd706e8c9beb62
                                          • Instruction ID: 5b032d2f4ba967b7c8fbbb95690b5fd1886c0a47123a063e1e747d10b77314be
                                          • Opcode Fuzzy Hash: 2a8664f6c7f1123078a6631c7af58a7e0e5c2824e4b614e971cd706e8c9beb62
                                          • Instruction Fuzzy Hash: 7B51D1B27042128FD718CFA8DC94D6BB7E9EBD4314F244E2DE856C3344EA71E945C6A1
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                          • String ID: invalid string position$string too long
                                          • API String ID: 2168136238-4289949731
                                          • Opcode ID: 20f70ac6a211ea6a4d7753796fc558221388099df0676d84e5dc0e50fa0e1030
                                          • Instruction ID: cb3f17bfc40b45acc62ac2396914c34280532ed3ca0b44013140eec71053deab
                                          • Opcode Fuzzy Hash: 20f70ac6a211ea6a4d7753796fc558221388099df0676d84e5dc0e50fa0e1030
                                          • Instruction Fuzzy Hash: 3141D5723046118BE324CE9CD9D0A5EF3EAEBF5314B610D1EE161C7694CF609CC69361
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RSDi
                                          • API String ID: 4225690600-559181253
                                          • Opcode ID: 0e2ea8be5b02a8629b2d9514955cc999f1917ca1b91b1790908b75e4a5ec171f
                                          • Instruction ID: d718f90913e78c630ea885001ce30995bba48cbbae25be2934038b850da9d46d
                                          • Opcode Fuzzy Hash: 0e2ea8be5b02a8629b2d9514955cc999f1917ca1b91b1790908b75e4a5ec171f
                                          • Instruction Fuzzy Hash: A5414B74A00619DFCB40CFA9C990B5EB7FAAF89300F60858AE909DB355DB31E842CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RSUa
                                          • API String ID: 4225690600-2086061799
                                          • Opcode ID: 6701f4a60c28281386c086a2347008753d08a07c3b2973e2554d338bc9424d70
                                          • Instruction ID: 79b3777b4dab144e8c3e4598ac42cbee3053152d61b6a9d2f3bab99bf9c6e20a
                                          • Opcode Fuzzy Hash: 6701f4a60c28281386c086a2347008753d08a07c3b2973e2554d338bc9424d70
                                          • Instruction Fuzzy Hash: E7314CB0E00619DFDB40CBA9C990B5DB7F9AF89300F208586E818E7251DB71E982CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RSqb
                                          • API String ID: 4225690600-347567867
                                          • Opcode ID: 3dbd39ee482ec30c6772147375ef0ac1451d7b5bae4ba5b80335cbe7a2b1128b
                                          • Instruction ID: 617b4467edfc90128df5ce547673e36ad96c1202ee1c753a3cecb5cd5549d86b
                                          • Opcode Fuzzy Hash: 3dbd39ee482ec30c6772147375ef0ac1451d7b5bae4ba5b80335cbe7a2b1128b
                                          • Instruction Fuzzy Hash: F2312AB0E00619DFCB40CFA9CD90B9EB7F9AF89300F208596E919E7251DB75E9818F50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RSa
                                          • API String ID: 4225690600-3169278968
                                          • Opcode ID: 84eee558194cf744c348ef85da959d4e41121bc31b13c84825df3871407a806e
                                          • Instruction ID: 0f7636f78ac72d4fbd8633d353195b4580433a4b1d9556b570aed48b6f261309
                                          • Opcode Fuzzy Hash: 84eee558194cf744c348ef85da959d4e41121bc31b13c84825df3871407a806e
                                          • Instruction Fuzzy Hash: C5314AB0E00619DFCB40CFA9C990B5DB7F9AF89300F208596E818E7251DB75E9828F50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RS3g
                                          • API String ID: 4225690600-2794631155
                                          • Opcode ID: 47a9a46d6f0a83550e1166d402d4736eadfb67f9664652d2441e13acdaa16b6c
                                          • Instruction ID: d8a70152a116a641462021b54527f34c54eaa872c3f7fa383a68cfdf2942e28c
                                          • Opcode Fuzzy Hash: 47a9a46d6f0a83550e1166d402d4736eadfb67f9664652d2441e13acdaa16b6c
                                          • Instruction Fuzzy Hash: AD314BB0A00619DFCB40CFA8CD90B9DB7F9AF89300F608696E818E7255DB71E981CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RS:h
                                          • API String ID: 4225690600-3891202347
                                          • Opcode ID: 39cbe7f74ecfbb4fad7a2ee889aca6c931efbc05b56e396a66472298c9949dfe
                                          • Instruction ID: 6e72a10fcc68fe4afa19c85ea47079cb06a104179013556628f2d48d398e61de
                                          • Opcode Fuzzy Hash: 39cbe7f74ecfbb4fad7a2ee889aca6c931efbc05b56e396a66472298c9949dfe
                                          • Instruction Fuzzy Hash: CA312AB0E00619DFDB50CFA9CD90B5EB7F9AF89300F208596E818E7255DB75E9828F50
                                          APIs
                                          • type_info::operator!=.LIBCMT ref: 6E12C7EB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: type_info::operator!=
                                          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                          • API String ID: 2241493438-339133643
                                          • Opcode ID: 16d6ccece6c880c3317ade94d24196a00c31cf7fb87b806caaf45fb75a55eedd
                                          • Instruction ID: bdb9d705bb2b8649a776376ebaeb97b73ae056776dc70d61201f2c30cc0c5751
                                          • Opcode Fuzzy Hash: 16d6ccece6c880c3317ade94d24196a00c31cf7fb87b806caaf45fb75a55eedd
                                          • Instruction Fuzzy Hash: 543139B09143458FCB40DFA8C85658ABBE5BFD5204F144A2EF555AF360EB70D8C8DB86
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID: RS%e
                                          • API String ID: 4225690600-1409579784
                                          • Opcode ID: 63b72bab352b0f312b0cafcf7a85bee105dc69ee7349a74c83c181875ee39ac7
                                          • Instruction ID: 705c2119d8d8d9f02e5221125de7bbb0fc70abdfbe7ba9140c30ca8b6415fc50
                                          • Opcode Fuzzy Hash: 63b72bab352b0f312b0cafcf7a85bee105dc69ee7349a74c83c181875ee39ac7
                                          • Instruction Fuzzy Hash: 80314BB0A00658DFCB10CBA9CC80B9DB7F9AF85300F20859AE959E7241CB75ED81CF50
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$ClearInit
                                          • String ID:
                                          • API String ID: 2610073882-0
                                          • Opcode ID: e9c816572e6c38a04492a6d534013b14c0edd44d64768f2a3e2cc2863b874db4
                                          • Instruction ID: 3e44ca52d193c8a303a625bb16459c2df8d35718edbdb1fd158039ea86db78d9
                                          • Opcode Fuzzy Hash: e9c816572e6c38a04492a6d534013b14c0edd44d64768f2a3e2cc2863b874db4
                                          • Instruction Fuzzy Hash: F4C146716087019FC300DFA8C880A5AB7FABFCC744F248A6DE5959B365D735E845CB92
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0E9DEB
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0E9DFB
                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0E9E29
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0E9F25
                                          • VariantClear.OLEAUT32(?), ref: 6E0E9FE5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                          • String ID: @
                                          • API String ID: 3214203402-2766056989
                                          • Opcode ID: 677612086654c1aa49660d4e42671331f406b64ea7eda9118d916100d4ec36b2
                                          • Instruction ID: 02a81f58bdc597e7bd0e731a0ff36243e78592c3873a97dacc98c39222b49e52
                                          • Opcode Fuzzy Hash: 677612086654c1aa49660d4e42671331f406b64ea7eda9118d916100d4ec36b2
                                          • Instruction Fuzzy Hash: 8FD16971D0024ACFDB04DFE8C880AADBBF5BF88304F6485A9E515AB755D731AA46CF90
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0EB3EB
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0EB3FB
                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0EB429
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0EB525
                                          • VariantClear.OLEAUT32(?), ref: 6E0EB5E5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                          • String ID: @
                                          • API String ID: 3214203402-2766056989
                                          • Opcode ID: ea5a000ac2044dd5944b3b5b03c489681730eacd2f85624cf8c9cd3c5ea46de4
                                          • Instruction ID: c556da6b68bc342a53c70e309e2079878fd5ff8181e15d481a7612658c584909
                                          • Opcode Fuzzy Hash: ea5a000ac2044dd5944b3b5b03c489681730eacd2f85624cf8c9cd3c5ea46de4
                                          • Instruction Fuzzy Hash: B1D147B190024ACFDB10DFE8C890BADBBF5FF48304F648569E515AB658D734AA46CF90
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E1116B2
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • __CxxThrowException@8.LIBCMT ref: 6E11180A
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          Strings
                                          • : this key is too short to encrypt any messages, xrefs: 6E11162A
                                          • exceeds the maximum of , xrefs: 6E11173F
                                          • for this public key, xrefs: 6E111771
                                          • : message length of , xrefs: 6E11170D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                          • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                          • API String ID: 3807434085-412673420
                                          • Opcode ID: b1d3d6c19b37213f8832a07264801ed8b18a2bb47c78aefbeba89a367dec59dd
                                          • Instruction ID: c7e11d70ab9dc2ef85e78e4b16ef60e1b78f1ec5c2be15523c65a65455150d10
                                          • Opcode Fuzzy Hash: b1d3d6c19b37213f8832a07264801ed8b18a2bb47c78aefbeba89a367dec59dd
                                          • Instruction Fuzzy Hash: 0CB14B712083809FD320DBA8C890FDBB7E9AFD9304F14891DE59D87351DB30A9498BA3
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E13126E
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E1312E0
                                          • _memmove.LIBCMT ref: 6E131305
                                          • _memmove.LIBCMT ref: 6E131342
                                          • _memmove.LIBCMT ref: 6E13135F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                          • String ID: deque<T> too long
                                          • API String ID: 4034224661-309773918
                                          • Opcode ID: 77e34aa1468139727dda7cb49607bc10a904952116944c08f8755da28c92e6ba
                                          • Instruction ID: 524828a5344c6b100902f8429923efa4f33d00451507dc04aa2a9488af7d1505
                                          • Opcode Fuzzy Hash: 77e34aa1468139727dda7cb49607bc10a904952116944c08f8755da28c92e6ba
                                          • Instruction Fuzzy Hash: 1B410A72B042114BD714CE68DC9056BB7DAEBD4320F298A2CE809D7348FA34ED49C791
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E1313BE
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E131431
                                          • _memmove.LIBCMT ref: 6E131456
                                          • _memmove.LIBCMT ref: 6E131493
                                          • _memmove.LIBCMT ref: 6E1314B0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                          • String ID: deque<T> too long
                                          • API String ID: 4034224661-309773918
                                          • Opcode ID: 6a763088b94370931e299a0966d7ee10226981406f6d41436d711aae6e6d1658
                                          • Instruction ID: e31d41c7e78daced8c0ae16cb0dd443d0c1fda1bc72d6b7d95214cfd59fd35f1
                                          • Opcode Fuzzy Hash: 6a763088b94370931e299a0966d7ee10226981406f6d41436d711aae6e6d1658
                                          • Instruction Fuzzy Hash: 08410B72B042155BD704CE68DC9156BB7DAEBD4310F298A2CE849D7344FB34ED45C7A1
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4DA9
                                            • Part of subcall function 6E139125: std::exception::exception.LIBCMT ref: 6E13913A
                                            • Part of subcall function 6E139125: __CxxThrowException@8.LIBCMT ref: 6E13914F
                                            • Part of subcall function 6E139125: std::exception::exception.LIBCMT ref: 6E139160
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4DCA
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4DE5
                                          • _memmove.LIBCMT ref: 6E0D4E4D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                          • String ID: invalid string position$string too long
                                          • API String ID: 443534600-4289949731
                                          • Opcode ID: 0450877654adc40dfa86117fdf28e1334e48f2c12ff21e9eb70277f590f57ba9
                                          • Instruction ID: b24a6b0e3f51aa55722613f547ae10aebdd6b412081abd4666eb157bcc99a02b
                                          • Opcode Fuzzy Hash: 0450877654adc40dfa86117fdf28e1334e48f2c12ff21e9eb70277f590f57ba9
                                          • Instruction Fuzzy Hash: 9331D632304311AFD724CFDCE890B6AF3EDAB94364B200A2EE552CB744C770D8458391
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::
                                          • String ID: throw(
                                          • API String ID: 168861036-3159766648
                                          • Opcode ID: 28403aa753db2b52af55f1e38f2e434ac8967d4dd7c745afc71734f33792eea0
                                          • Instruction ID: 2dfbfe844368ba863a434dde206897bec5831121f85b28b26d6358a5092e21cd
                                          • Opcode Fuzzy Hash: 28403aa753db2b52af55f1e38f2e434ac8967d4dd7c745afc71734f33792eea0
                                          • Instruction Fuzzy Hash: B60180B0600109EFCF04DFE4C899DEE7BB9AB44308F044455E9119F394DB30A987AB90
                                          APIs
                                          • __getptd_noexit.LIBCMT ref: 6E13CCFA
                                            • Part of subcall function 6E13EA6D: GetLastError.KERNEL32(?,?,6E13D7DD,6E139DEF,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E13EA71
                                            • Part of subcall function 6E13EA6D: ___set_flsgetvalue.LIBCMT ref: 6E13EA7F
                                            • Part of subcall function 6E13EA6D: __calloc_crt.LIBCMT ref: 6E13EA93
                                            • Part of subcall function 6E13EA6D: DecodePointer.KERNEL32(00000000,?,?,6E13D7DD,6E139DEF,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E13EAAD
                                            • Part of subcall function 6E13EA6D: GetCurrentThreadId.KERNEL32 ref: 6E13EAC3
                                            • Part of subcall function 6E13EA6D: SetLastError.KERNEL32(00000000,?,?,6E13D7DD,6E139DEF,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E13EADB
                                          • __calloc_crt.LIBCMT ref: 6E13CD1C
                                          • __get_sys_err_msg.LIBCMT ref: 6E13CD3A
                                          • _strcpy_s.LIBCMT ref: 6E13CD42
                                          • __invoke_watson.LIBCMT ref: 6E13CD57
                                          Strings
                                          • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 6E13CD07, 6E13CD2A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                                          • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                          • API String ID: 3117964792-798102604
                                          • Opcode ID: 85209ed9f0431e4ab8739ed9c78b29547428c82a153811003766b2fd5924eb08
                                          • Instruction ID: 701b3ff6c38c81daa4d1e1066a35d07e7bab3e5f2b597f0fa60acf66b5871ebe
                                          • Opcode Fuzzy Hash: 85209ed9f0431e4ab8739ed9c78b29547428c82a153811003766b2fd5924eb08
                                          • Instruction Fuzzy Hash: A7F024B36083346BC31065EA9C8098B7AAD9B91769B310C3AF559BF200E625ECC171F5
                                          APIs
                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6E169880,00000008,6E13EAC1,00000000,00000000,?,?,6E13D7DD,6E139DEF,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E13E9CA
                                          • __lock.LIBCMT ref: 6E13E9FE
                                            • Part of subcall function 6E142438: __mtinitlocknum.LIBCMT ref: 6E14244E
                                            • Part of subcall function 6E142438: __amsg_exit.LIBCMT ref: 6E14245A
                                            • Part of subcall function 6E142438: EnterCriticalSection.KERNEL32(6E139BD4,6E139BD4,?,6E13EA03,0000000D), ref: 6E142462
                                          • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6E13EA0B
                                          • __lock.LIBCMT ref: 6E13EA1F
                                          • ___addlocaleref.LIBCMT ref: 6E13EA3D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                          • String ID: KERNEL32.DLL
                                          • API String ID: 637971194-2576044830
                                          • Opcode ID: 4ce2171c2010d5dc01e3fe6c6f24dceebd88f02fe75ce063d43e40f2c1956da1
                                          • Instruction ID: 55f80f2f48f2cb8eba36d727ef4b34638c1e27cfc6c0cce149f433393ca66004
                                          • Opcode Fuzzy Hash: 4ce2171c2010d5dc01e3fe6c6f24dceebd88f02fe75ce063d43e40f2c1956da1
                                          • Instruction Fuzzy Hash: B5015BB1545B04DED720DFA5C405789BBE4EF41328F208909D5A6973A0CB70AAC4EB11
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6E0EE29B
                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6E0EE2B6
                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6E0EE2D7
                                            • Part of subcall function 6E0F5760: std::tr1::_Xweak.LIBCPMT ref: 6E0F5769
                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6E0EE309
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0EE523
                                          • InterlockedCompareExchange.KERNEL32(6E17C6A4,45524548,4B4F4F4C), ref: 6E0EE544
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                          • String ID:
                                          • API String ID: 2722669376-0
                                          • Opcode ID: e81a4d6608f0dcb7f9d5c089a81ed95c2313f0816e6fb70d053852817ecddb27
                                          • Instruction ID: 47135fc523e5e3fe9143d37c3caddc83979719d2f7f16f0fa33ad887abdc9b9a
                                          • Opcode Fuzzy Hash: e81a4d6608f0dcb7f9d5c089a81ed95c2313f0816e6fb70d053852817ecddb27
                                          • Instruction Fuzzy Hash: 02D1C3B1A002099FDB10CFE4C894BEE77F8EF45304F148979E916AB681E774E945CBA1
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: 0e2ea8be5b02a8629b2d9514955cc999f1917ca1b91b1790908b75e4a5ec171f
                                          • Instruction ID: d2d2e949745aa60fe5fe029bf0f6de4d539140978238edf04ab410058c5d3c72
                                          • Opcode Fuzzy Hash: 0e2ea8be5b02a8629b2d9514955cc999f1917ca1b91b1790908b75e4a5ec171f
                                          • Instruction Fuzzy Hash: E7413B74A01619DFDB40DFA9C990B5EB7FAAF89300F20858AE919DB355DB31E842CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: 147b4f80eda68db4544855175a2e0199eb17c23a1387a9daa10839a6864cdb2c
                                          • Instruction ID: d44d8dd4ff510eb8c931ce1eda30a96703373137711715fef8c9d65a7eee0b32
                                          • Opcode Fuzzy Hash: 147b4f80eda68db4544855175a2e0199eb17c23a1387a9daa10839a6864cdb2c
                                          • Instruction Fuzzy Hash: C5414C70A00619DFDB00CFA9CC90B9EB7F9AF89200F608596E919E7255C731E941CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: 147b4f80eda68db4544855175a2e0199eb17c23a1387a9daa10839a6864cdb2c
                                          • Instruction ID: 532683ff4f1fac09e1e8c74c1363bb853f0dc3ce95333e0c66a1ff681068a5d1
                                          • Opcode Fuzzy Hash: 147b4f80eda68db4544855175a2e0199eb17c23a1387a9daa10839a6864cdb2c
                                          • Instruction Fuzzy Hash: EE415DB0A00619DFDB40CFA9CD90B9DB7F9AF89300F24859AE918E7255DB71E941CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: dbffba81367f660e2e5c3dfe9fd515b8ab1685e49e731ece1787aad1aef622b5
                                          • Instruction ID: b9f73c31a88c1bb8efe1b364d908fe2f20c4a7adf1d48c9d27a7fa6cd12fb236
                                          • Opcode Fuzzy Hash: dbffba81367f660e2e5c3dfe9fd515b8ab1685e49e731ece1787aad1aef622b5
                                          • Instruction Fuzzy Hash: F9310870A00619DFCB50CFA9CC90B9EB7FAAF89200F608586E919E7255DB75E942CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: 47a9a46d6f0a83550e1166d402d4736eadfb67f9664652d2441e13acdaa16b6c
                                          • Instruction ID: 18c06a33fa3290a1a36862a942470f43cbd9acebef68fa5875dd6c003889da28
                                          • Opcode Fuzzy Hash: 47a9a46d6f0a83550e1166d402d4736eadfb67f9664652d2441e13acdaa16b6c
                                          • Instruction Fuzzy Hash: 80313A70E00619DFCB40CFA9CD90B9EB7F9AF89200F208696E819EB255CB75E941CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: 39cbe7f74ecfbb4fad7a2ee889aca6c931efbc05b56e396a66472298c9949dfe
                                          • Instruction ID: d41def8cb7d07ca9540e918b7b6ab893a63df05293c5208eb77cd27782627f73
                                          • Opcode Fuzzy Hash: 39cbe7f74ecfbb4fad7a2ee889aca6c931efbc05b56e396a66472298c9949dfe
                                          • Instruction Fuzzy Hash: 4A313970E00619DFDB50CFA9CC90B9EB7F9AF89200F248596E819E7255C775E981CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: b9244fbd6309801b1099a24629abf63316a5eda22c9995a1c84569e7c18d5d8a
                                          • Instruction ID: 0749dcaed4e98932eb19f6a4a0cddfdbadbe1075e07aa0f8710fc3e0013b947d
                                          • Opcode Fuzzy Hash: b9244fbd6309801b1099a24629abf63316a5eda22c9995a1c84569e7c18d5d8a
                                          • Instruction Fuzzy Hash: 7D313BB0A00619DFCB40CFA9CD90B9DB7F9AF89300F20859AE919E7251DB75E981CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: dbffba81367f660e2e5c3dfe9fd515b8ab1685e49e731ece1787aad1aef622b5
                                          • Instruction ID: d9001bf7eff6dab6671c87cbd64be43da452c4b2f2571f32fa70d6e096c5c72a
                                          • Opcode Fuzzy Hash: dbffba81367f660e2e5c3dfe9fd515b8ab1685e49e731ece1787aad1aef622b5
                                          • Instruction Fuzzy Hash: 0D313DB0A00619DFCB40CFA9CD90B5EB7F9AF89300F208596E918E7255DB75E9818F50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: ac5166c0ea7945122a3ba0cbc937a7810e39d36de102b9d626286c13ec2ef949
                                          • Instruction ID: 25cc750032615b6e9d7d934d5dbdcee3cbd09b7d7bd9458629cdd640849f9c08
                                          • Opcode Fuzzy Hash: ac5166c0ea7945122a3ba0cbc937a7810e39d36de102b9d626286c13ec2ef949
                                          • Instruction Fuzzy Hash: 6B314BB0A00619DFCB40CFA8CD90B5DB7F9AF89300F208596E818E7241DB75E981CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          • Opcode ID: 84eee558194cf744c348ef85da959d4e41121bc31b13c84825df3871407a806e
                                          • Instruction ID: c2907261a88b6eb003a6f57004d9fbf57511087d26967845401e580de8e91655
                                          • Opcode Fuzzy Hash: 84eee558194cf744c348ef85da959d4e41121bc31b13c84825df3871407a806e
                                          • Instruction Fuzzy Hash: 57312870A00619DFCB50DFA8CC90B9EB7F9AF89200F608586E819E7255CB75E942CF50
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6E0FC180
                                          • SafeArrayPutElement.OLEAUT32(00000000,6E0F3749,?), ref: 6E0FC1B8
                                          • VariantClear.OLEAUT32(?), ref: 6E0FC1C4
                                          • VariantCopy.OLEAUT32(6E0F3749,?), ref: 6E0FC21B
                                          • VariantClear.OLEAUT32(?), ref: 6E0FC22F
                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E0FC23E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                          • String ID:
                                          • API String ID: 3979206172-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6E1511FD,000000FF,?,6E0E8B80,00000000,?,00000000,?,6E0E8C13,?,?), ref: 6E0E7415
                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6E1511FD,000000FF,?,6E0E8B80,00000000,?,00000000,?,6E0E8C13,?,?), ref: 6E0E741B
                                          • std::exception::exception.LIBCMT ref: 6E0E743D
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E7452
                                          • std::exception::exception.LIBCMT ref: 6E0E7461
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E7476
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                          • String ID:
                                          • API String ID: 189561132-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArrayDestroySafe
                                          • String ID:
                                          • API String ID: 4225690600-0
                                          APIs
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6E1425B1,?,00000000,?), ref: 6E1424E6
                                          • _malloc.LIBCMT ref: 6E14251B
                                          • _memset.LIBCMT ref: 6E14253B
                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6E142550
                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E14255E
                                          • __freea.LIBCMT ref: 6E142568
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                          • String ID:
                                          • API String ID: 525495869-0
                                          APIs
                                            • Part of subcall function 6E0F69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0F6A08
                                            • Part of subcall function 6E0F69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F6A15
                                            • Part of subcall function 6E0F69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F6A41
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$Destroy$Bound$Element
                                          • String ID:
                                          • API String ID: 757764206-0
                                          • Opcode ID: 8c24d4a169f585c317a5db2fca07f27a28fae9d0f074899beab1c35ad810b69c
                                          • Instruction ID: 240d125d85c1e54b95ef9b1fa86f51a066398779d1e1cdcb5cd674b4ebdb8ffd
                                          • Opcode Fuzzy Hash: 8c24d4a169f585c317a5db2fca07f27a28fae9d0f074899beab1c35ad810b69c
                                          • Instruction Fuzzy Hash: A7310C71E00618DFCB50CBA9CC90B9EB7F9AF95300F64468AE419E7245C775E991CF50
                                          APIs
                                            • Part of subcall function 6E0F69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0F6A08
                                            • Part of subcall function 6E0F69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F6A15
                                            • Part of subcall function 6E0F69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F6A41
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE63
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE73
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE86
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAE99
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEAC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FAEBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$Destroy$Bound$Element
                                          • String ID:
                                          • API String ID: 757764206-0
                                          • Opcode ID: 3623415f41ed2574ed6b9e2c3bd2ec771bd69ad23b64cfbfe21641a0f66830c1
                                          • Instruction ID: 831f80bb2685dda8cdaa70581fefc9a5637641c5a5b97f18ea6afb85973ba7b8
                                          • Opcode Fuzzy Hash: 3623415f41ed2574ed6b9e2c3bd2ec771bd69ad23b64cfbfe21641a0f66830c1
                                          • Instruction Fuzzy Hash: CE312A71E00618DFCB10CBA9CC90B9EB7BAAF95300F70468AE819E7245C775E991CF50
                                          APIs
                                            • Part of subcall function 6E0F69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0F6A08
                                            • Part of subcall function 6E0F69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F6A15
                                            • Part of subcall function 6E0F69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F6A41
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$Destroy$Bound$Element
                                          • String ID:
                                          • API String ID: 757764206-0
                                          • Opcode ID: 8c24d4a169f585c317a5db2fca07f27a28fae9d0f074899beab1c35ad810b69c
                                          • Instruction ID: 6144a7db067d95a9530a50d81ef0ef55a5ddf32ce6d57f27390f30abf83f7ab4
                                          • Opcode Fuzzy Hash: 8c24d4a169f585c317a5db2fca07f27a28fae9d0f074899beab1c35ad810b69c
                                          • Instruction Fuzzy Hash: 51312CB0E00658DFCB50CBA9CC90B9DB7FAAF85300F60469AE419E7241CB75A9818F50
                                          APIs
                                            • Part of subcall function 6E0F69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6E0F6A08
                                            • Part of subcall function 6E0F69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0F6A15
                                            • Part of subcall function 6E0F69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6E0F6A41
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23B3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23C3
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23D6
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23E9
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F23FC
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0F240F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ArraySafe$Destroy$Bound$Element
                                          • String ID:
                                          • API String ID: 757764206-0
                                          • Opcode ID: 3623415f41ed2574ed6b9e2c3bd2ec771bd69ad23b64cfbfe21641a0f66830c1
                                          • Instruction ID: e92a384f7d2e7d3a26f157b11f005dfec61bbccd5b57214bfe122bd8f09b80ec
                                          • Opcode Fuzzy Hash: 3623415f41ed2574ed6b9e2c3bd2ec771bd69ad23b64cfbfe21641a0f66830c1
                                          • Instruction Fuzzy Hash: EA314AB0E00658DFCB10CBA9CC90B9DB7FAAF85300F60858AE859E7241CB75ED818F50
                                          APIs
                                            • Part of subcall function 6E0D4760: __CxxThrowException@8.LIBCMT ref: 6E0D47F9
                                          • _memmove.LIBCMT ref: 6E130907
                                          • _memmove.LIBCMT ref: 6E130936
                                          • _memmove.LIBCMT ref: 6E130959
                                          • __CxxThrowException@8.LIBCMT ref: 6E130A25
                                          Strings
                                          • PSSR_MEM: message recovery disabled, xrefs: 6E1309E3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: _memmove$Exception@8Throw
                                          • String ID: PSSR_MEM: message recovery disabled
                                          • API String ID: 2655171816-3051149714
                                          • Opcode ID: f947e0c2db0862694f33f07d2633474cbba405f69eebb29e035ce1da09ee611d
                                          • Instruction ID: 794e74c699b56d92fc5a7c332e6d8c9e710737776f898fcbc287bb770532d99f
                                          • Opcode Fuzzy Hash: f947e0c2db0862694f33f07d2633474cbba405f69eebb29e035ce1da09ee611d
                                          • Instruction Fuzzy Hash: 72C16A746083419FD754CF68C890B6BBBE5BFD9304F248A5CE58987385EB30E945CB92
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E1380EA
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                          • String ID: Max$Min$RandomNumberType$invalid bit length
                                          • API String ID: 3718517217-2498579642
                                          • Opcode ID: 39792c954b90a5e18a0a928c1f847d416c125ca213aa680fdcb0c6b1dee0a248
                                          • Instruction ID: c11b2e2cf579573c042b7dd4e6b7e494c047ed764be9cac1af25dddc653b5985
                                          • Opcode Fuzzy Hash: 39792c954b90a5e18a0a928c1f847d416c125ca213aa680fdcb0c6b1dee0a248
                                          • Instruction Fuzzy Hash: A6C17D7150C7809FE324CBA8C850B8FB7D9BBD9314F544A2CE59983391EB749988D7A3
                                          APIs
                                          • __CreateFrameInfo.LIBCMT ref: 6E13BEB6
                                            • Part of subcall function 6E13AB70: __getptd.LIBCMT ref: 6E13AB7E
                                            • Part of subcall function 6E13AB70: __getptd.LIBCMT ref: 6E13AB8C
                                          • __getptd.LIBCMT ref: 6E13BEC0
                                            • Part of subcall function 6E13EAE6: __getptd_noexit.LIBCMT ref: 6E13EAE9
                                            • Part of subcall function 6E13EAE6: __amsg_exit.LIBCMT ref: 6E13EAF6
                                          • __getptd.LIBCMT ref: 6E13BECE
                                          • __getptd.LIBCMT ref: 6E13BEDC
                                          • __getptd.LIBCMT ref: 6E13BEE7
                                          • _CallCatchBlock2.LIBCMT ref: 6E13BF0D
                                            • Part of subcall function 6E13AC15: __CallSettingFrame@12.LIBCMT ref: 6E13AC61
                                            • Part of subcall function 6E13BFB4: __getptd.LIBCMT ref: 6E13BFC3
                                            • Part of subcall function 6E13BFB4: __getptd.LIBCMT ref: 6E13BFD1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                          • String ID:
                                          • API String ID: 1602911419-0
                                          • Opcode ID: 49647e3687c2c169e6a237e7912ca2b0720008e82677e49a6e9f325171bc78f6
                                          • Instruction ID: 447064939a89940ce9a08cf744a4ce64d3009d1077854ae7f8f39dd396b9c9ad
                                          • Opcode Fuzzy Hash: 49647e3687c2c169e6a237e7912ca2b0720008e82677e49a6e9f325171bc78f6
                                          • Instruction Fuzzy Hash: 0111B4B1C003199FDF10DFE4D544ADEBBB4BF44318F208969E814A7250EB389A95AF50
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2049716438.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: HERE$HERE$LOOK$LOOK$p<cq$p<cq$G{q
                                          • API String ID: 0-1505969064
                                          • Opcode ID: b839f4c09d59df74283f701ca7b5178c626aa8258478385eef1e92edb1948f42
                                          • Instruction ID: c9f533c92d093d0dec2c07d33e2d69d8a650a8a802c3e2c5f927c0a3d32f7ffe
                                          • Opcode Fuzzy Hash: b839f4c09d59df74283f701ca7b5178c626aa8258478385eef1e92edb1948f42
                                          • Instruction Fuzzy Hash: 41A191B5E002298FDB68DF69C984BD9B7B2BB58310F1481E9D50DAB361DB309E81CF50
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E107267
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Exception@8Throw
                                          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                          • API String ID: 2005118841-1273958906
                                          • Opcode ID: f4b46d511eac870ebfea360326e822aa9d18226244f90f310cda46fb2b23166f
                                          • Instruction ID: 12c46e6a98643be56d2ff459242e5411e7fadd294fcff4cf6e4470a7092af303
                                          • Opcode Fuzzy Hash: f4b46d511eac870ebfea360326e822aa9d18226244f90f310cda46fb2b23166f
                                          • Instruction Fuzzy Hash: 086173B1108390AFD321DBA8C884FDFB7E8AF99348F104A1DE59D87341DB759949C7A2
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: _strncmptype_info::operator!=
                                          • String ID: ThisPointer:$ValueNames
                                          • API String ID: 1333309372-2375088429
                                          • Opcode ID: 57804bf00614e057b2e19e6ddef5e081e2344adca5b427d982ceb9279edeaa79
                                          • Instruction ID: d5604f3232189a73a0df97e1d5ecf0c433c4677b2fb11e2640335c7f266510d1
                                          • Opcode Fuzzy Hash: 57804bf00614e057b2e19e6ddef5e081e2344adca5b427d982ceb9279edeaa79
                                          • Instruction Fuzzy Hash: AA51F3712083415FC314CFE4CC90E6BB7FAAF96348F244A2DE5A68B385C722E8C99755
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Similarity
                                          • API ID: _strncmptype_info::operator!=
                                          • String ID: ThisPointer:$ValueNames
                                          • API String ID: 1333309372-2375088429
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: _strncmptype_info::operator!=
                                          • String ID: ThisPointer:$ValueNames
                                          • API String ID: 1333309372-2375088429
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E111C1A
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • __CxxThrowException@8.LIBCMT ref: 6E111CDE
                                          • __CxxThrowException@8.LIBCMT ref: 6E111D3E
                                          Strings
                                          • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6E111C67
                                          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6E111CF0
                                          Similarity
                                          • API ID: Exception@8Throw$ExceptionRaise
                                          • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                          • API String ID: 3476068407-3371871069
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                            • Part of subcall function 6E139125: std::exception::exception.LIBCMT ref: 6E13913A
                                            • Part of subcall function 6E139125: __CxxThrowException@8.LIBCMT ref: 6E13914F
                                            • Part of subcall function 6E139125: std::exception::exception.LIBCMT ref: 6E139160
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4067
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E0D40C8
                                          Strings
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                          • String ID: invalid string position$string too long
                                          • API String ID: 1615890066-4289949731
                                          APIs
                                          • ___BuildCatchObject.LIBCMT ref: 6E13C24E
                                            • Part of subcall function 6E13C1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6E13C1DF
                                          • _UnwindNestedFrames.LIBCMT ref: 6E13C265
                                          • ___FrameUnwindToState.LIBCMT ref: 6E13C273
                                          Strings
                                          Similarity
                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                          • String ID: csm$csm
                                          • API String ID: 2163707966-3733052814
                                          APIs
                                          Similarity
                                          • API ID: _memmove
                                          • String ID:
                                          • API String ID: 4104443479-0
                                          APIs
                                          • SafeArrayGetElement.OLEAUT32(?,?,E0F806C9), ref: 6E0F3C49
                                          • VariantInit.OLEAUT32(?), ref: 6E0F3C81
                                          • VariantClear.OLEAUT32(?), ref: 6E0F3D26
                                          • VariantClear.OLEAUT32(?), ref: 6E0F3D30
                                          • VariantClear.OLEAUT32(?), ref: 6E0F3D89
                                          Similarity
                                          • API ID: Variant$Clear$ArrayElementInitSafe
                                          • String ID:
                                          • API String ID: 4110538090-0
                                          APIs
                                          Similarity
                                          • API ID: Timetime$Sleep
                                          • String ID:
                                          • API String ID: 4176159691-0
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • _rand.LIBCMT ref: 6E0E6DEA
                                            • Part of subcall function 6E139E0C: __getptd.LIBCMT ref: 6E139E0C
                                          • std::exception::exception.LIBCMT ref: 6E0E6E17
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E6E2C
                                          • std::exception::exception.LIBCMT ref: 6E0E6E3B
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E6E50
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                          • String ID:
                                          • API String ID: 2791304714-0
                                          APIs
                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6E0E7761
                                          • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6E0E7782
                                          • EnterCriticalSection.KERNEL32(00000018), ref: 6E0E7796
                                          • LeaveCriticalSection.KERNEL32(00000018), ref: 6E0E77CE
                                          • QueueUserWorkItem.KERNEL32(6E101D50,00000000,00000010), ref: 6E0E780C
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                          • String ID:
                                          • API String ID: 584243675-0
                                          APIs
                                          • std::exception::exception.LIBCMT ref: 6E0D5ACB
                                            • Part of subcall function 6E139533: std::exception::_Copy_str.LIBCMT ref: 6E13954E
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D5ABC
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D5AE0
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0D5B18
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D5B2D
                                          Similarity
                                          • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                          • String ID:
                                          • API String ID: 921928366-0
                                          • Opcode ID: 1c86cf18241c330511e098cf415b020a4468525eecc23e37b28b654cb0fd0e82
                                          • Instruction ID: b562363ca1b01a637ec29403de096125688c742c3ad53903a11897c94537fa98
                                          • Opcode Fuzzy Hash: 1c86cf18241c330511e098cf415b020a4468525eecc23e37b28b654cb0fd0e82
                                          • Instruction Fuzzy Hash: 470152B2810218AFDF04DFE4E850DDF7BBCEF14340F508559E91AA7204EB309694DBA1
                                          APIs
                                          • __getptd.LIBCMT ref: 6E13F047
                                            • Part of subcall function 6E13EAE6: __getptd_noexit.LIBCMT ref: 6E13EAE9
                                            • Part of subcall function 6E13EAE6: __amsg_exit.LIBCMT ref: 6E13EAF6
                                          • __amsg_exit.LIBCMT ref: 6E13F067
                                          • __lock.LIBCMT ref: 6E13F077
                                          • InterlockedDecrement.KERNEL32(?), ref: 6E13F094
                                          • InterlockedIncrement.KERNEL32(05BF1668), ref: 6E13F0BF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                          • String ID:
                                          • API String ID: 4271482742-0
                                          • Opcode ID: cb6bacc80942cd27cddb65631189189f92b1a1aacf331163d3f791ebb94e052d
                                          • Instruction ID: 5866835d8bebde84c20efa36ce215f2cc44ae904d9c4001ad64d1330090888ed
                                          • Opcode Fuzzy Hash: cb6bacc80942cd27cddb65631189189f92b1a1aacf331163d3f791ebb94e052d
                                          • Instruction Fuzzy Hash: 4E018B31A01B329BEF51DBE880147DE7769BB09B24F304545E834A7284CB3468D9FBD1
                                          APIs
                                          • __getptd.LIBCMT ref: 6E13F7C8
                                            • Part of subcall function 6E13EAE6: __getptd_noexit.LIBCMT ref: 6E13EAE9
                                            • Part of subcall function 6E13EAE6: __amsg_exit.LIBCMT ref: 6E13EAF6
                                          • __getptd.LIBCMT ref: 6E13F7DF
                                          • __amsg_exit.LIBCMT ref: 6E13F7ED
                                          • __lock.LIBCMT ref: 6E13F7FD
                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 6E13F811
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                          • String ID:
                                          • API String ID: 938513278-0
                                          • Opcode ID: a3501623900ca35093ef9cb1eda069079a7973ea6a8cc59d52aec6e086c5579c
                                          • Instruction ID: 8218e7e948a02e3a0b2ffca9a0aa1cc29b6690b0a99b36f8c173a47fddc6c155
                                          • Opcode Fuzzy Hash: a3501623900ca35093ef9cb1eda069079a7973ea6a8cc59d52aec6e086c5579c
                                          • Instruction Fuzzy Hash: FAF0B432A447359BDB60EBF89405BCE33A47F04728F314A49E464A72C0DB2459C5FA56
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memcpy_s
                                          • String ID:
                                          • API String ID: 2001391462-3916222277
                                          • Opcode ID: 00197cf4bb534994d3b6f2132dded7eb8e203f625a3ed9c4fb9c9071d34375e2
                                          • Instruction ID: 30a4ef9e560126784b620e16e867ff6cc2e3b21524f5f1ae72cac7a83927d40c
                                          • Opcode Fuzzy Hash: 00197cf4bb534994d3b6f2132dded7eb8e203f625a3ed9c4fb9c9071d34375e2
                                          • Instruction Fuzzy Hash: A8C18B716083068FE744CFA8C890AAAB7E2FFC8314F14493DE592C7654E771EA85CB42
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memcpy_s_memmove_memset
                                          • String ID: EncodingParameters
                                          • API String ID: 4034675494-55378216
                                          • Opcode ID: ca20431e0dc7c769fb8be2d90fa6b6da1783ce008dc48aab626ae518de35372f
                                          • Instruction ID: e0797283d99592e071c62fccdece06f63caecad5f65aafb7a9c49b646041d16b
                                          • Opcode Fuzzy Hash: ca20431e0dc7c769fb8be2d90fa6b6da1783ce008dc48aab626ae518de35372f
                                          • Instruction Fuzzy Hash: 769168B46083819FD700CF68C880B5BBBE5BFDA744F24491DF89887391D671E985CB92
                                          APIs
                                            • Part of subcall function 6E12D820: _memmove.LIBCMT ref: 6E12D930
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E1113D4
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                            • Part of subcall function 6E108D80: _malloc.LIBCMT ref: 6E108D8A
                                            • Part of subcall function 6E108D80: _malloc.LIBCMT ref: 6E108DAF
                                          Strings
                                          • doesn't match the required length of , xrefs: 6E111316
                                          • : ciphertext length of , xrefs: 6E1112E4
                                          • for this key, xrefs: 6E111348
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                          • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                          • API String ID: 1025790555-2559040249
                                          • Opcode ID: 7ad749079387a8130bf83b5c5a7ad3b6c575a0285237a27f2e672e0a365635e0
                                          • Instruction ID: 504b255a3078b0488beaa9232fd8ab8ad57cfb2ce155a89af75531fd7f9dcd7c
                                          • Opcode Fuzzy Hash: 7ad749079387a8130bf83b5c5a7ad3b6c575a0285237a27f2e672e0a365635e0
                                          • Instruction Fuzzy Hash: 56A15E7160C3809FD364CBA8D850BDBB7E9AFD9304F144A2DE59987350EB30A949DB93
                                          APIs
                                          • __startOneArgErrorHandling.LIBCMT ref: 6E13B50D
                                            • Part of subcall function 6E141AA0: __87except.LIBCMT ref: 6E141ADB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ErrorHandling__87except__start
                                          • String ID: pow
                                          • API String ID: 2905807303-2276729525
                                          • Opcode ID: 7df7861a1f552239d912c8c552a893506f79dfc11cf30134f12001e7ac13c462
                                          • Instruction ID: f862d3b9b5d9489b5bd0ffb4043b6aa6ff1d9cc8c6a53d9e7eb907f639982745
                                          • Opcode Fuzzy Hash: 7df7861a1f552239d912c8c552a893506f79dfc11cf30134f12001e7ac13c462
                                          • Instruction Fuzzy Hash: 3B515CB1B1CA16C6CB41A694C910B9A3BB4EB51750F708D58E4E58239CFB348CECBB46
                                          APIs
                                          • __cftoe.LIBCMT ref: 6E0E88ED
                                            • Part of subcall function 6E13A116: __mbstowcs_s_l.LIBCMT ref: 6E13A12C
                                          • __cftoe.LIBCMT ref: 6E0E8911
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: __cftoe$__mbstowcs_s_l
                                          • String ID: zX$P
                                          • API String ID: 1494777130-2079734279
                                          • Opcode ID: 89711cd21ca776d242bcca533b05817bf79def6fb7c0b112eff5f250a3bf4c0f
                                          • Instruction ID: 96de1a78ed11bca923ed33233f04978b001cd59c73cdce4618ee2051f406fbc9
                                          • Opcode Fuzzy Hash: 89711cd21ca776d242bcca533b05817bf79def6fb7c0b112eff5f250a3bf4c0f
                                          • Instruction Fuzzy Hash: FC910FB11187819FC376CF54C894BEBBBE8BB88714F508A1DE1994B280EB716645CF92
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E108ABB
                                          • __CxxThrowException@8.LIBCMT ref: 6E108B82
                                          Strings
                                          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6E108A8E
                                          • : invalid ciphertext, xrefs: 6E108B48
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throw
                                          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                          • API String ID: 2005118841-483996327
                                          • Opcode ID: 5a2726072005f578e859f5e7f6806f6aca0e71b9c285e0143a4542b6aa4cdd2d
                                          • Instruction ID: 6ae7b714773b61803e39179b9e6f870431dbef9945a4a45bb8c1daccaf292c25
                                          • Opcode Fuzzy Hash: 5a2726072005f578e859f5e7f6806f6aca0e71b9c285e0143a4542b6aa4cdd2d
                                          • Instruction Fuzzy Hash: D6515BB51087419FD324CF94C890EABB7E8FB98704F108E1DE59A87740DB31E949DB62
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E106BA6
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4067
                                            • Part of subcall function 6E0D4010: _memmove.LIBCMT ref: 6E0D40C8
                                          • __CxxThrowException@8.LIBCMT ref: 6E106C56
                                          Strings
                                          • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6E106B33
                                          • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6E106BE3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                          • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
                                          • API String ID: 1902190269-184618050
                                          • Opcode ID: 893005a1439011196036cc636b35aab58104a79e3545cb2bd9679ea815591352
                                          • Instruction ID: 4f7a2be8a0cd5abe471b0a65f9a6a4be558d1f44d0af9459dfc19685c43ef955
                                          • Opcode Fuzzy Hash: 893005a1439011196036cc636b35aab58104a79e3545cb2bd9679ea815591352
                                          • Instruction Fuzzy Hash: 165138B1108380AFC300CFA9C890A5BFBE8BB99754F504E1DF5A697390D774D948DB52
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4EFC
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4F16
                                          • _memmove.LIBCMT ref: 6E0D4F6C
                                            • Part of subcall function 6E0D4D90: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4DA9
                                            • Part of subcall function 6E0D4D90: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4DCA
                                            • Part of subcall function 6E0D4D90: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4DE5
                                            • Part of subcall function 6E0D4D90: _memmove.LIBCMT ref: 6E0D4E4D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                          • String ID: string too long
                                          • API String ID: 2168136238-2556327735
                                          • Opcode ID: bdc168fd5e51ea83f11526dcb8eb5660afa2e0c5699b102ed079c1069b8a9934
                                          • Instruction ID: 954e857326c00f3ce2d5ad6a1b73fd3ab26720d26629185ac8396f2ca2fadc3f
                                          • Opcode Fuzzy Hash: bdc168fd5e51ea83f11526dcb8eb5660afa2e0c5699b102ed079c1069b8a9934
                                          • Instruction Fuzzy Hash: DD310632310710ABE724DFDCE490B6EF7EEEFD5661B20492EF0558B694C731984A87A1
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D211F
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4067
                                            • Part of subcall function 6E0D4010: _memmove.LIBCMT ref: 6E0D40C8
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D21BF
                                          Strings
                                          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6E0D20BD
                                          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6E0D215D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                          • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                          • API String ID: 1902190269-1268710280
                                          • Opcode ID: 63072c07dbcabbf564e4dab3f9fae1f876ad22e26e2a2cdf69f004e542bc7191
                                          • Instruction ID: f7f19cc0ede84f73fca13be7abe62a05f535d16c5cae38fc7e73eaf0bd157762
                                          • Opcode Fuzzy Hash: 63072c07dbcabbf564e4dab3f9fae1f876ad22e26e2a2cdf69f004e542bc7191
                                          • Instruction Fuzzy Hash: A6413AB0C0428CAFDB01DFE8D890BDEFBB8BB19354F508669E421A7391DB745688DB50
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D1DC9
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4067
                                            • Part of subcall function 6E0D4010: _memmove.LIBCMT ref: 6E0D40C8
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D1E74
                                          Strings
                                          • BufferedTransformation: this object is not attachable, xrefs: 6E0D1D67
                                          • CryptoMaterial: this object contains invalid values, xrefs: 6E0D1E16
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                          • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                          • API String ID: 1902190269-3853263434
                                          • Opcode ID: 22d3ce5cb0d93cab20ace8ff58ef38c71fa1966d3a72f4ef9f9e5863fa790975
                                          • Instruction ID: e7397f660d052645abe26d2f5576c073af4760d7371eb186527829c6787dbf3f
                                          • Opcode Fuzzy Hash: 22d3ce5cb0d93cab20ace8ff58ef38c71fa1966d3a72f4ef9f9e5863fa790975
                                          • Instruction Fuzzy Hash: 43412EB1C04298AFDB14DFE8D890BDEFBB8FB09354F10865AE425A7390DB345648DB50
                                          APIs
                                            • Part of subcall function 6E12D820: _memmove.LIBCMT ref: 6E12D930
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E10761A
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                          • API String ID: 39012651-1139078987
                                          • Opcode ID: 5d7ad2e447bda36ec2436222975320c552ba53d8a31b5ec875b313424571c42a
                                          • Instruction ID: d59e43425052ee0d1ce080e742b2a77dc160117a8d1e17febba87bf138f95f81
                                          • Opcode Fuzzy Hash: 5d7ad2e447bda36ec2436222975320c552ba53d8a31b5ec875b313424571c42a
                                          • Instruction Fuzzy Hash: 56416F711083D0AED330CB94C844FDBBBE8ABD9314F104E2DE69A97380DB7555889BA6
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E10BF2D
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                          • String ID: gfff$gfff$vector<T> too long
                                          • API String ID: 1823113695-3369487235
                                          • Opcode ID: 167bc1640f987a8446a4f38ec63a65311cd794d9c6cdeec8b87e9bcd6c72e94c
                                          • Instruction ID: ea518b716662a6890b5efbbc0807bf0f75d50625bf2d3cedb5a7dfd5f00570bc
                                          • Opcode Fuzzy Hash: 167bc1640f987a8446a4f38ec63a65311cd794d9c6cdeec8b87e9bcd6c72e94c
                                          • Instruction Fuzzy Hash: F231CAB1A006059FC718CF99D890EAAF7A9FB48710F10862DE959DB384DB30B944CB91
                                          APIs
                                          • QueryPerformanceFrequency.KERNEL32(E0F806C9,E0F806C9), ref: 6E138E7F
                                          • GetLastError.KERNEL32(0000000A), ref: 6E138E8F
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E138F14
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6E138EA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                          • String ID: Timer: QueryPerformanceFrequency failed with error
                                          • API String ID: 2175244869-348333943
                                          • Opcode ID: 39889ca705776279a60e0e91914fb308a7093b7ac5fb370abfa32161bc56522e
                                          • Instruction ID: 8aaddc7713a3a4011d62cc543bdf187240cec95338de2306e1ab28214a471583
                                          • Opcode Fuzzy Hash: 39889ca705776279a60e0e91914fb308a7093b7ac5fb370abfa32161bc56522e
                                          • Instruction Fuzzy Hash: 7A213BB1508380AFD310CF64C844B9BBBE8BB89714F504E1DF5AA87381DB3594489BA3
                                          APIs
                                          • QueryPerformanceCounter.KERNEL32(E0F806C9,E0F806C9,?,00000000), ref: 6E138F7F
                                          • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6E138F8F
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E139014
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6E138FA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                          • String ID: Timer: QueryPerformanceCounter failed with error
                                          • API String ID: 1823523280-4075696077
                                          • Opcode ID: fb630774d2a5a96b092b3903bf88e03a5da159ecae73bfc07827456813cb2e57
                                          • Instruction ID: 8b9b7c851e185f69113b4c99cfa61e75ffea671e70c427f1e435a83000843047
                                          • Opcode Fuzzy Hash: fb630774d2a5a96b092b3903bf88e03a5da159ecae73bfc07827456813cb2e57
                                          • Instruction Fuzzy Hash: 07213BB1108380AFD310CF64C884B9BBBE8BB89714F504E1DF5AA87381DB3594489BA3
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E106518
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • __CxxThrowException@8.LIBCMT ref: 6E106558
                                          Strings
                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6E1064E7
                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6E106527
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throw$ExceptionRaise
                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                          • API String ID: 3476068407-3345525433
                                          • Opcode ID: 5de0b379c859c8b0f66bc9a8d4b9b80596f33c193071b0dea5782df1ef14dda9
                                          • Instruction ID: 2b9a4c8344746700cdc70f7adbf0f53d6acc3846f6cd1356ac359621d73c3528
                                          • Opcode Fuzzy Hash: 5de0b379c859c8b0f66bc9a8d4b9b80596f33c193071b0dea5782df1ef14dda9
                                          • Instruction Fuzzy Hash: 8A21DEB11283909ED720CFE4C854FDBB3E8AF49748F604E1DE49587244EF3590899B62
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E10C14E
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                          • String ID: gfff$gfff$vector<T> too long
                                          • API String ID: 1823113695-3369487235
                                          • Opcode ID: c32fcfd2735654c70e0b2c306e2ab0607183816dc416e1dcde904ad148b85b52
                                          • Instruction ID: 4ddfa92dbf5cd8f81f8b1b04576951997d557649d848a95add3d6eb058fb2293
                                          • Opcode Fuzzy Hash: c32fcfd2735654c70e0b2c306e2ab0607183816dc416e1dcde904ad148b85b52
                                          • Instruction Fuzzy Hash: AD01A273F140255F831099BFED4444EE68796D4394319CA36D608DF359E971DC8266D2
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: _memmove$Exception@8Throw
                                          • String ID:
                                          • API String ID: 2655171816-0
                                          • Opcode ID: 509c6f032cfd1a5227952dda0cf842a18124003fb5c9ef9730d3c156ad2279b1
                                          • Instruction ID: 1e17825cbbace924e40cc8c4495a186936b8e97719984bbb48a80fe148fa72fa
                                          • Opcode Fuzzy Hash: 509c6f032cfd1a5227952dda0cf842a18124003fb5c9ef9730d3c156ad2279b1
                                          • Instruction Fuzzy Hash: C451AF753087068FD704DFA9C990A5BB3E9AF99640F20492CE895C3380EB34E845EB92
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0ED5E4
                                          • __CxxThrowException@8.LIBCMT ref: 6E0ED5F9
                                          • std::exception::exception.LIBCMT ref: 6E0ED608
                                          • __CxxThrowException@8.LIBCMT ref: 6E0ED61D
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                          • String ID:
                                          • API String ID: 2621100827-0
                                          • Opcode ID: a3f48bd40fec26d83c5acc822964fd1cbd4890c65f050a1d378cef56643be8f7
                                          • Instruction ID: 3134d442e4441fb8873852e7b1ff7b47d12ca42842fb4a2a2865960b2c3c2462
                                          • Opcode Fuzzy Hash: a3f48bd40fec26d83c5acc822964fd1cbd4890c65f050a1d378cef56643be8f7
                                          • Instruction Fuzzy Hash: 7E515CB1A00649AFCB44CFA8C980A9AFBF4FF48304F54866AD419D7B41D771E954CFA1
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0F6035
                                          • __CxxThrowException@8.LIBCMT ref: 6E0F604A
                                          • std::exception::exception.LIBCMT ref: 6E0F6059
                                          • __CxxThrowException@8.LIBCMT ref: 6E0F606E
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                          • String ID:
                                          • API String ID: 2621100827-0
                                          • Opcode ID: ab3dbdd4d526d19b30ba7036901103e7c18f0f4d15559b35390854f6f285bfaa
                                          • Instruction ID: aea35c96e23f4eb0025d5540a5bcafc1a29167fec10bd1670068aa890e50dc07
                                          • Opcode Fuzzy Hash: ab3dbdd4d526d19b30ba7036901103e7c18f0f4d15559b35390854f6f285bfaa
                                          • Instruction Fuzzy Hash: 33515DB1A0064AEFC744CFA8C880A8AFBF4FF08304F50866AD519D7B41D771E964CBA1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$Clear$Init
                                          • String ID:
                                          • API String ID: 3740757921-0
                                          • Opcode ID: a122a06b28d76e3cc364074b1eee70eac3bc9c29a3708d8bef494c080fe91cd1
                                          • Instruction ID: 0de57095ad14dab0ef22c079e6c3991be7dba6f021421c977945e80fd8748e41
                                          • Opcode Fuzzy Hash: a122a06b28d76e3cc364074b1eee70eac3bc9c29a3708d8bef494c080fe91cd1
                                          • Instruction Fuzzy Hash: 39419A722083019FD700DF69C840B5AB7E8FFC9B64F048A69F9449B754D731E805CB92
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0F5E87
                                          • __CxxThrowException@8.LIBCMT ref: 6E0F5E9C
                                          • std::exception::exception.LIBCMT ref: 6E0F5EAB
                                          • __CxxThrowException@8.LIBCMT ref: 6E0F5EC0
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                          • String ID:
                                          • API String ID: 2621100827-0
                                          • Opcode ID: 99e6babd55c102d8f7351026db315a7e10c25bef3b08030590c8737189a37503
                                          • Instruction ID: 2a16fdd8100589ed2b42cf9dd2fce4888922f6ad4a9e2271dc36ee3f0fb2369c
                                          • Opcode Fuzzy Hash: 99e6babd55c102d8f7351026db315a7e10c25bef3b08030590c8737189a37503
                                          • Instruction Fuzzy Hash: 46417EB19007589FC720CFA8D880A8AFBF8FF08304F508A6ED85A97741E771E544CBA1
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0ED437
                                          • __CxxThrowException@8.LIBCMT ref: 6E0ED44C
                                          • std::exception::exception.LIBCMT ref: 6E0ED45B
                                          • __CxxThrowException@8.LIBCMT ref: 6E0ED470
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                          • String ID:
                                          • API String ID: 2621100827-0
                                          • Opcode ID: 903a2e98f9affe4d785b5645879e4073165baef145254f8d0ba5a5b7a53c3f7a
                                          • Instruction ID: 9bc443168b90f33a0673d883c19540803c22b4c8ee8ce129f86fd24760942d1d
                                          • Opcode Fuzzy Hash: 903a2e98f9affe4d785b5645879e4073165baef145254f8d0ba5a5b7a53c3f7a
                                          • Instruction Fuzzy Hash: 6B413CB19007589FC720CFA9D480A8AFBF4FF19304F50896ED95A97B41D771E544CBA1
                                          APIs
                                            • Part of subcall function 6E106480: __CxxThrowException@8.LIBCMT ref: 6E106518
                                            • Part of subcall function 6E106480: __CxxThrowException@8.LIBCMT ref: 6E106558
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E132C9A
                                          • __CxxThrowException@8.LIBCMT ref: 6E132CB1
                                          • std::exception::exception.LIBCMT ref: 6E132CC3
                                          • __CxxThrowException@8.LIBCMT ref: 6E132CDA
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C04
                                            • Part of subcall function 6E139BB5: std::exception::exception.LIBCMT ref: 6E139C1E
                                            • Part of subcall function 6E139BB5: __CxxThrowException@8.LIBCMT ref: 6E139C2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throw$std::exception::exception$_malloc
                                          • String ID:
                                          • API String ID: 3942750879-0
                                          • Opcode ID: f655034e9ac4cb29d4c59adee1e63f08e0b3bace257c0f7808f92de70a2b947d
                                          • Instruction ID: b4baf3a049d84f2396ee19994bfc1af5a3cf1b5a5e92e2c4008e65899be3955a
                                          • Opcode Fuzzy Hash: f655034e9ac4cb29d4c59adee1e63f08e0b3bace257c0f7808f92de70a2b947d
                                          • Instruction Fuzzy Hash: 58414AB15187419FC314CF98C490A4AFBF8BF99714F608E2EE1A687740D771A584CB92
                                          APIs
                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6E0FC478
                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6E0FC488
                                          • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6E0FC4B4
                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6E0FC512
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ArraySafe$Bound$DestroyElement
                                          • String ID:
                                          • API String ID: 3987547017-0
                                          • Opcode ID: 89b2c9d14afa0e400ce57236cb5fb5a7bb42e26361430afc9ccb2f73e5e85506
                                          • Instruction ID: 196ce0530fa7ec9f171bc277796356efaf7483d4dbe1581d26c50eb0dce094eb
                                          • Opcode Fuzzy Hash: 89b2c9d14afa0e400ce57236cb5fb5a7bb42e26361430afc9ccb2f73e5e85506
                                          • Instruction Fuzzy Hash: 6E41FD75A0014AEFDB00DFD8C8C5EEEB7B8EB49750F108569E919EB240D730AA56DB60
                                          APIs
                                          • VariantInit.OLEAUT32(6E1502A0), ref: 6E0FB5D5
                                          • VariantInit.OLEAUT32(?), ref: 6E0FB5E2
                                          • VariantClear.OLEAUT32(?), ref: 6E0FB685
                                          • VariantClear.OLEAUT32(6E1502A0), ref: 6E0FB68B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Variant$ClearInit
                                          • String ID:
                                          • API String ID: 2610073882-0
                                          • Opcode ID: 810e10a0b839b25e833f8cc05b31c5237cc245fa79a16c179048f9f988612637
                                          • Instruction ID: 7d4410d26b9aaa77cc4ce0897564ffb6c562ab7ecb9680fc70de8af0489a9c77
                                          • Opcode Fuzzy Hash: 810e10a0b839b25e833f8cc05b31c5237cc245fa79a16c179048f9f988612637
                                          • Instruction Fuzzy Hash: AA418272A00609DFDB10DFA8C980B9AF7F9EF49354F208199E9049B354D775E942CF90
                                          APIs
                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6E1488FD
                                          • __isleadbyte_l.LIBCMT ref: 6E148930
                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6E148961
                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6E1489CF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                          • String ID:
                                          • API String ID: 3058430110-0
                                          • Opcode ID: 8b90d7f568b54edf6d7337031390cfe0184965516d970e91a6a7433f0b529bb5
                                          • Instruction ID: b87b5b7f66beefa530c6945b81b6159fcd5871642378170898301893c3b24ecb
                                          • Opcode Fuzzy Hash: 8b90d7f568b54edf6d7337031390cfe0184965516d970e91a6a7433f0b529bb5
                                          • Instruction Fuzzy Hash: 41319131A14257EFDB01DFE8C8A09AD3BB5BF41314F214569F6659B290D730D9C0EB91
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0D5ACB
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D5AE0
                                          • std::exception::exception.LIBCMT ref: 6E0D5B18
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D5B2D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: Exception@8Throwstd::exception::exception$_malloc
                                          • String ID:
                                          • API String ID: 3153320871-0
                                          • Opcode ID: b16d1c76a0390039bd824726f43c1c901750c7677d6d43dffd54b33e03fdbf99
                                          • Instruction ID: 19468870b649483542c242d3e409b22a8dfbf12255818976eb3cd870074e0834
                                          • Opcode Fuzzy Hash: b16d1c76a0390039bd824726f43c1c901750c7677d6d43dffd54b33e03fdbf99
                                          • Instruction Fuzzy Hash: B13175B5910718ABCB14DFD8D840ADAB7F8FF48750F10866AE81597744EB30A954CBA1
                                          APIs
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • InitializeCriticalSection.KERNEL32(00000000,00000000,6E0E5D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6E0E84EA
                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6E0E84F0
                                          • std::exception::exception.LIBCMT ref: 6E0E853C
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E8551
                                          Similarity
                                          • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                          • String ID:
                                          • API String ID: 3005353045-0
                                          • Opcode ID: 9738e235e19b62d9c5d3e7c0f715dbacf73240aa1f732c4144206d8c3ba2bcda
                                          • Instruction ID: aca95b467f6139d7dd120940d57023c04597445b0b684182564d90270ad0d565
                                          • Opcode Fuzzy Hash: 9738e235e19b62d9c5d3e7c0f715dbacf73240aa1f732c4144206d8c3ba2bcda
                                          • Instruction Fuzzy Hash: 52314DB16017059FCB14CFA8C480A9AFBF8FF08310F508A6ED95697B41D770E654CB90
                                          APIs
                                          • std::exception::exception.LIBCMT ref: 6E0FDCC5
                                            • Part of subcall function 6E139533: std::exception::_Copy_str.LIBCMT ref: 6E13954E
                                          • __CxxThrowException@8.LIBCMT ref: 6E0FDCDA
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                          • std::exception::exception.LIBCMT ref: 6E0FDD09
                                          • __CxxThrowException@8.LIBCMT ref: 6E0FDD1E
                                          Similarity
                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                          • String ID:
                                          • API String ID: 399550787-0
                                          • Opcode ID: 2c9fa670d4ecb505aa979116fd58793a713e5510deab2405b133a4695ca53a99
                                          • Instruction ID: bcf108bb2aa4eab61051128b7af94541c29392c40ccce8fcd2e3b1f147ea22b6
                                          • Opcode Fuzzy Hash: 2c9fa670d4ecb505aa979116fd58793a713e5510deab2405b133a4695ca53a99
                                          • Instruction Fuzzy Hash: 383190B19002199FCB04CFD9D890A9EBBF8FF44300F4085AEE91997350D770EA54DBA1
                                          APIs
                                          • _malloc.LIBCMT ref: 6E142653
                                            • Part of subcall function 6E139D66: __FF_MSGBANNER.LIBCMT ref: 6E139D7F
                                            • Part of subcall function 6E139D66: __NMSG_WRITE.LIBCMT ref: 6E139D86
                                            • Part of subcall function 6E139D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E139DAB
                                          Similarity
                                          • API ID: AllocateHeap_malloc
                                          • String ID:
                                          • API String ID: 501242067-0
                                          • Opcode ID: 2b19f1394a2fbef60b6031486b1f7f9a4127975a2a42c16842607299ba8cbe02
                                          • Instruction ID: 8f06a539dcd72deff3625bbbc693ad63a8ef8cde2f826ba43e110850d4619f9e
                                          • Opcode Fuzzy Hash: 2b19f1394a2fbef60b6031486b1f7f9a4127975a2a42c16842607299ba8cbe02
                                          • Instruction Fuzzy Hash: 5511C432404635EBCB215BF5A80468E3B9C9F56375B314825EC68DB350DB3089D0FB94
                                          APIs
                                            • Part of subcall function 6E104410: _malloc.LIBCMT ref: 6E10446E
                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6E0E7287
                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6E0E729B
                                          • _memmove.LIBCMT ref: 6E0E72AF
                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6E0E72B8
                                          Similarity
                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                          • String ID:
                                          • API String ID: 583974297-0
                                          • Opcode ID: 5fcc2526fa17d57e9dd95dfc6a237a11f6ddaee3ddc801fcc64b8c978eef04dd
                                          • Instruction ID: 10471982fdfc3a43fcd8c6b6bcc903b167c260418d12f2817da9d6e658fbad74
                                          • Opcode Fuzzy Hash: 5fcc2526fa17d57e9dd95dfc6a237a11f6ddaee3ddc801fcc64b8c978eef04dd
                                          • Instruction Fuzzy Hash: 591190B2A00128BBCB00CFE5D880ECFBB7CDF99654B00C269F90597641D6709A459BE0
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 6E0F5AB9
                                          • VariantCopy.OLEAUT32(?,6E169C90), ref: 6E0F5AC1
                                          • VariantClear.OLEAUT32(?), ref: 6E0F5AE2
                                          • __CxxThrowException@8.LIBCMT ref: 6E0F5AEF
                                          Similarity
                                          • API ID: Variant$ClearCopyException@8InitThrow
                                          • String ID:
                                          • API String ID: 3826472263-0
                                          • Opcode ID: c22db0e256226ef0abcc4de7e691a9d6897a7563a59c9c1d49175d0cb2d5f91c
                                          • Instruction ID: a4ba0120dc510a65bf1d7b3719d57bf1cc920c73b2159475cfc6b7d0b1f78202
                                          • Opcode Fuzzy Hash: c22db0e256226ef0abcc4de7e691a9d6897a7563a59c9c1d49175d0cb2d5f91c
                                          • Instruction Fuzzy Hash: 4011E972904568EFCB00CFD8C8C4ADFBBB8EB45654F11816AEC25A7300C7746D158BE1
                                          APIs
                                          • _malloc.LIBCMT ref: 6E108D8A
                                            • Part of subcall function 6E139D66: __FF_MSGBANNER.LIBCMT ref: 6E139D7F
                                            • Part of subcall function 6E139D66: __NMSG_WRITE.LIBCMT ref: 6E139D86
                                            • Part of subcall function 6E139D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6E139BD4,6E0D1290,E0F806C9), ref: 6E139DAB
                                            • Part of subcall function 6E1391F6: std::_Lockit::_Lockit.LIBCPMT ref: 6E139202
                                          • _malloc.LIBCMT ref: 6E108DAF
                                          • std::exception::exception.LIBCMT ref: 6E108DD4
                                          • __CxxThrowException@8.LIBCMT ref: 6E108DEB
                                          Similarity
                                          • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                          • String ID:
                                          • API String ID: 3043633502-0
                                          • Opcode ID: 88ab97558c50c71847dc8d09c5f8fab76d0bd3aaba61e8a08dca39b63186d8ea
                                          • Instruction ID: cc8fa64309df629ae4fea2b6b11b455f5f2056adf3550bb64c9ac7307130af5f
                                          • Opcode Fuzzy Hash: 88ab97558c50c71847dc8d09c5f8fab76d0bd3aaba61e8a08dca39b63186d8ea
                                          • Instruction Fuzzy Hash: EDF0F67240432657D201EBD59C61BDF37AC9FA1720F900D1CE955A1205EF21D199A2F3
                                          APIs
                                          Similarity
                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                          • String ID:
                                          • API String ID: 3016257755-0
                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                          • Instruction ID: f43b797ac42368ff889f107b4849453e2cf9babcc6c12f1f54bd4e3c390dc184
                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                          • Instruction Fuzzy Hash: 7B11303644014AFBCF129EC6DC118DE3F66BB29354B698915FA2855270E336C9B1BB82
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: _memmove_memset
                                          • String ID: EncodingParameters
                                          • API String ID: 3555123492-55378216
                                          • Opcode ID: c07b612ee849432805705e4238595d75ac0af2d2581601e8966a973afb66eb44
                                          • Instruction ID: 4ffe9ee1b746fc8a8ddc7051e718b3d08a7b1ba37f62362ae6928d0f43e8bc83
                                          • Opcode Fuzzy Hash: c07b612ee849432805705e4238595d75ac0af2d2581601e8966a973afb66eb44
                                          • Instruction Fuzzy Hash: 4B61E0B42083419FD704CF69C880A2AFBE9BFC9754F148A1DF59987391DB70E945CBA2
                                          APIs
                                            • Part of subcall function 6E0D4760: __CxxThrowException@8.LIBCMT ref: 6E0D47F9
                                            • Part of subcall function 6E108D80: _malloc.LIBCMT ref: 6E108D8A
                                            • Part of subcall function 6E108D80: _malloc.LIBCMT ref: 6E108DAF
                                          • _memcpy_s.LIBCMT ref: 6E0DF282
                                          • _memset.LIBCMT ref: 6E0DF293
                                          Strings
                                          Similarity
                                          • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                          • String ID: @
                                          • API String ID: 3081897325-2766056989
                                          • Opcode ID: 871c0aee71ede224e89a9aedc940d3996b1520cfc6b46e10888818167575ad5c
                                          • Instruction ID: 6e2b91d8db5144106ea688d8827a971fb4e982182d7d632e81be89e0845f1e36
                                          • Opcode Fuzzy Hash: 871c0aee71ede224e89a9aedc940d3996b1520cfc6b46e10888818167575ad5c
                                          • Instruction Fuzzy Hash: A6518BB0900349DFDB10CFA4C880BDEBBB8BB55304F108599D95967381DB716A89DF92
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4175
                                          • _memmove.LIBCMT ref: 6E0D41C6
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          Strings
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                          • String ID: string too long
                                          • API String ID: 2168136238-2556327735
                                          • Opcode ID: 7abe2969c41f004d9339eac67c6607e1f88bd9598eb4c85f4b192075f3294bb8
                                          • Instruction ID: 7155e2e973c79e353cd8ce5c72e50cb00ea5111873ef01bdb1aa5872fb97c8fb
                                          • Opcode Fuzzy Hash: 7abe2969c41f004d9339eac67c6607e1f88bd9598eb4c85f4b192075f3294bb8
                                          • Instruction Fuzzy Hash: AC31D7363107156BE7208FDCEC80B5AF7EDEBA5764B200A2FE591C7B40C7619C4A87A1
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E10C39B
                                          Strings
                                          Similarity
                                          • API ID: Exception@8Throw
                                          • String ID: gfff$gfff
                                          • API String ID: 2005118841-3084402119
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D194F
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • std::exception::exception.LIBCMT ref: 6E0D198E
                                            • Part of subcall function 6E1395C1: std::exception::operator=.LIBCMT ref: 6E1395DA
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4067
                                            • Part of subcall function 6E0D4010: _memmove.LIBCMT ref: 6E0D40C8
                                          Strings
                                          • Clone() is not implemented yet., xrefs: 6E0D18ED
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                          • String ID: Clone() is not implemented yet.
                                          • API String ID: 2192554526-226299721
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E105657
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          • StringStore: missing InputBuffer argument, xrefs: 6E1055E0
                                          • InputBuffer, xrefs: 6E1055BF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                          • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                          • API String ID: 3718517217-2380213735
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E0D1F36
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • std::exception::exception.LIBCMT ref: 6E0D1F6E
                                            • Part of subcall function 6E1395C1: std::exception::operator=.LIBCMT ref: 6E1395DA
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D4067
                                            • Part of subcall function 6E0D4010: _memmove.LIBCMT ref: 6E0D40C8
                                          Strings
                                          • CryptoMaterial: this object does not support precomputation, xrefs: 6E0D1ED4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                          • String ID: CryptoMaterial: this object does not support precomputation
                                          • API String ID: 2192554526-3625584042
                                          APIs
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E3327
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0E336B
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                          • String ID: vector<T> too long
                                          • API String ID: 1735018483-3788999226
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0F584D
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • VariantClear.OLEAUT32(00000000), ref: 6E0F5899
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                          • String ID: vector<T> too long
                                          • API String ID: 2677079660-3788999226
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0E576B
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0E5782
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                          • String ID: string too long
                                          • API String ID: 963545896-2556327735
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D46C4
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E0D470B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                          • String ID: string too long
                                          • API String ID: 1785806476-2556327735
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E104E00
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          • OutputBuffer, xrefs: 6E104D77
                                          • ArraySink: missing OutputBuffer argument, xrefs: 6E104D91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                          • API String ID: 3718517217-3781944848
                                          APIs
                                            • Part of subcall function 6E0D4010: std::_Xinvalid_argument.LIBCPMT ref: 6E0D402A
                                          • __CxxThrowException@8.LIBCMT ref: 6E0E0201
                                            • Part of subcall function 6E13AC75: RaiseException.KERNEL32(?,?,6E139C34,E0F806C9,?,?,?,?,6E139C34,E0F806C9,6E169C90,6E17B974,E0F806C9), ref: 6E13ACB7
                                          Strings
                                          • StringSink: OutputStringPointer not specified, xrefs: 6E0E019B
                                          • OutputStringPointer, xrefs: 6E0E018C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Similarity
                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                          • API String ID: 3718517217-1331214609
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0D4636
                                            • Part of subcall function 6E139125: std::exception::exception.LIBCMT ref: 6E13913A
                                            • Part of subcall function 6E139125: __CxxThrowException@8.LIBCMT ref: 6E13914F
                                            • Part of subcall function 6E139125: std::exception::exception.LIBCMT ref: 6E139160
                                          • _memmove.LIBCMT ref: 6E0D466F
                                          Strings
                                          • invalid string position, xrefs: 6E0D4631
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                          • String ID: invalid string position
                                          • API String ID: 1785806476-1799206989
                                          APIs
                                          • type_info::operator!=.LIBCMT ref: 6E10ACF8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: type_info::operator!=
                                          • String ID: Modulus$PublicExponent
                                          • API String ID: 2241493438-3324115277
                                          APIs
                                          • type_info::operator!=.LIBCMT ref: 6E12B848
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: type_info::operator!=
                                          • String ID: Modulus$PublicExponent
                                          • API String ID: 2241493438-3324115277
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E10B605
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E10B634
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                          • String ID: vector<T> too long
                                          • API String ID: 1785806476-3788999226
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E134241
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E134277
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                          • String ID: vector<bool> too long
                                          • API String ID: 1785806476-842332957
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E133855
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E133880
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                          • String ID: vector<T> too long
                                          • API String ID: 1785806476-3788999226
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6E0E5173
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E1390ED
                                            • Part of subcall function 6E1390D8: __CxxThrowException@8.LIBCMT ref: 6E139102
                                            • Part of subcall function 6E1390D8: std::exception::exception.LIBCMT ref: 6E139113
                                          • _memmove.LIBCMT ref: 6E0E519E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                          • String ID: vector<T> too long
                                          • API String ID: 1785806476-3788999226
                                          APIs
                                            • Part of subcall function 6E13ABC3: __getptd.LIBCMT ref: 6E13ABC9
                                            • Part of subcall function 6E13ABC3: __getptd.LIBCMT ref: 6E13ABD9
                                          • __getptd.LIBCMT ref: 6E13BFC3
                                            • Part of subcall function 6E13EAE6: __getptd_noexit.LIBCMT ref: 6E13EAE9
                                            • Part of subcall function 6E13EAE6: __amsg_exit.LIBCMT ref: 6E13EAF6
                                          • __getptd.LIBCMT ref: 6E13BFD1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                          • String ID: csm
                                          • API String ID: 803148776-1018135373
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: NameName::
                                          • String ID: {flat}
                                          • API String ID: 1333004437-2606204563
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,E0F806C9), ref: 6E0E76AD
                                          • LeaveCriticalSection.KERNEL32(?,?,?,E0F806C9), ref: 6E0E76FF
                                          • EnterCriticalSection.KERNEL32(E0F806C9,?,?,?,E0F806C9), ref: 6E0E770D
                                          • LeaveCriticalSection.KERNEL32(E0F806C9,?,00000000,?,?,?,?,E0F806C9), ref: 6E0E772A
                                            • Part of subcall function 6E139BB5: _malloc.LIBCMT ref: 6E139BCF
                                            • Part of subcall function 6E0E6D40: _rand.LIBCMT ref: 6E0E6DEA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                          • String ID:
                                          • API String ID: 119520971-0
                                          • Opcode ID: 8111d169313964a8e062e1caac99c551120683235d08861b7d78c151dcebb0bc
                                          • Instruction ID: 5a0a0e6373ba46a3fd5c5e3f3e72d5b1dcb110869418d26ff19b8230801bf4ca
                                          • Opcode Fuzzy Hash: 8111d169313964a8e062e1caac99c551120683235d08861b7d78c151dcebb0bc
                                          • Instruction Fuzzy Hash: EF2184B2500609AFCB10DFA4DC44FDFB7BCFF41254F108A2AE91697640EB70AA05CBA0
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?), ref: 6E0E95A9
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6E0E95CA
                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6E0E95DA
                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6E0E95FB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2052396896.000000006E0D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E0D0000, based on PE: true
                                          • Associated: 00000000.00000002.2052357912.000000006E0D0000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052831390.000000006E154000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052923979.000000006E16E000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052961459.000000006E170000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2052995688.000000006E171000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053024083.000000006E173000.00000008.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17A000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053069322.000000006E17C000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000000.00000002.2053138293.000000006E17E000.00000002.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e0d0000_t0R4HiIJp7.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: c81bba95d8fd13a6b7c93d41743538ee5239c421a4d59e52b0ec1b331edc809d
                                          • Instruction ID: 0262ce9250b5cdbcddffb93c1f5cec7b4f4370210795f11e242857370bce4741
                                          • Opcode Fuzzy Hash: c81bba95d8fd13a6b7c93d41743538ee5239c421a4d59e52b0ec1b331edc809d
                                          • Instruction Fuzzy Hash: 4A117F72905609EFCB40CFD9E880EDEF7B8FF51210B5085AAE51597A10D770EA55CBD0

                                          Execution Graph

                                          Execution Coverage:19.2%
                                          Dynamic/Decrypted Code Coverage:92.9%
                                          Signature Coverage:0%
                                          Total number of Nodes:42
                                          Total number of Limit Nodes:2

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'cq$TJhq$Tecq$pgq$xbfq
                                          • API String ID: 0-2309367897
                                          • Opcode ID: 8505b6e0a0ccb74bc298cb5a0e5bcfb9b4d4e4b4ff6414b7572df04006e22a65
                                          • Instruction ID: c3560ea086094bd7a4efa5ff6fce401f4ce2e776bedd1a9aeca4c97cc58d3a18
                                          • Opcode Fuzzy Hash: 8505b6e0a0ccb74bc298cb5a0e5bcfb9b4d4e4b4ff6414b7572df04006e22a65
                                          • Instruction Fuzzy Hash: 9AB2B675A04228CFDB65CF69C984BD9BBB2FF89304F1581E9D509AB225DB319E81CF40

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'cq$4'cq
                                          • API String ID: 0-60795322
                                          • Opcode ID: e798f479c4cc0a3454e56ecc336d0926f043ffe8eb93228c8e134b03793ad68c
                                          • Instruction ID: abd5a76dcedc5a61c8a63cbfa7472c1e971729d931d3e51b23938d47912d2c66
                                          • Opcode Fuzzy Hash: e798f479c4cc0a3454e56ecc336d0926f043ffe8eb93228c8e134b03793ad68c
                                          • Instruction Fuzzy Hash: 01713E70E04A099FD759EF6AEC8069ABBF2FFC8300F14C529E4049B269DF7459058B91

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (gq$(gq
                                          • API String ID: 0-3425431731
                                          • Opcode ID: f7bfb61d5481cde71ee528ba607fe04a840044bdf1afb7679fde0faca1979ffc
                                          • Instruction ID: fd1b9b1e0a90739ba2b6122ab548ffe52f68e96273fbb5e8a66d90908e364e9a
                                          • Opcode Fuzzy Hash: f7bfb61d5481cde71ee528ba607fe04a840044bdf1afb7679fde0faca1979ffc
                                          • Instruction Fuzzy Hash: 58210631A0825A4FCB129B78A81029F7FF2EFC7351B1546ABD115EB341DE34AE4687D1

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: !$*
                                          • API String ID: 0-3969768885
                                          • Opcode ID: fec35b37516d1eef303ce898e712c1c5e9914c1384aeaa1f76d99e6afa4e37d5
                                          • Instruction ID: 37794c45030857eeeac82bcec7e633a8b2200fe540ef10cd0026568d6a322402
                                          • Opcode Fuzzy Hash: fec35b37516d1eef303ce898e712c1c5e9914c1384aeaa1f76d99e6afa4e37d5
                                          • Instruction Fuzzy Hash: 5C3103B4E0422A8FCB65DF64C950BAABBF6FF49304F0040E9D619AB355DB746E818F41

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $!
                                          • API String ID: 0-2056089098
                                          • Opcode ID: 12db75149c0716929567e4fffd28fd6227a29f07f805a76030d19243116826ff
                                          • Instruction ID: c29a55c2b995b40d042a5b07e7747153787c90e89ee7816b44b61b97bbf42fe6
                                          • Opcode Fuzzy Hash: 12db75149c0716929567e4fffd28fd6227a29f07f805a76030d19243116826ff
                                          • Instruction Fuzzy Hash: 751103B4A046288FDB64DF24D854BAABBF2FB99305F0041E9D409A7394DB7A5E94CF40

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tecq
                                          • API String ID: 0-1122318316
                                          • Opcode ID: 432591df460f0cbd614b8082c9af22e1d8fff4bbbf505f38859d8fcf37fead9f
                                          • Instruction ID: 527c8fa6f2bde119eb3c10557d422f6a0a61c55ce3ec87bf022ce517fdf4f9fe
                                          • Opcode Fuzzy Hash: 432591df460f0cbd614b8082c9af22e1d8fff4bbbf505f38859d8fcf37fead9f
                                          • Instruction Fuzzy Hash: C081B274E49208DFCB14DFA9E594AEDBBB6BF89340F20A069E409B7265DB309945DF00
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: '
                                          • API String ID: 0-1997036262
                                          • Opcode ID: 54106ef2152b0173c0b8a7e6b4bd86e5feda98eb77d0ef6c5c5eee271be074ba
                                          • Instruction ID: 99577c60bc646a6107c17f6ca890b1f02bad8e5ac53d53ee7cadc01202fb3cac
                                          • Opcode Fuzzy Hash: 54106ef2152b0173c0b8a7e6b4bd86e5feda98eb77d0ef6c5c5eee271be074ba
                                          • Instruction Fuzzy Hash: 7A3105B4A042288FDB64DF24D890BAABBF2FB49304F5044E9D609A7395DB345EC5CF85
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: %
                                          • API String ID: 0-2567322570
                                          • Opcode ID: 48c0dce5e307d1f4cdc8e3fef4da4bae995ead3ad107d7c7cbbdd6312d1325a8
                                          • Instruction ID: 0c2187aed5f44faaec54b07ecdde5f24ea8c767c23b01e981840afef6dccc84d
                                          • Opcode Fuzzy Hash: 48c0dce5e307d1f4cdc8e3fef4da4bae995ead3ad107d7c7cbbdd6312d1325a8
                                          • Instruction Fuzzy Hash: 7531A474E086188FCBA5DF24D85079ABBF2FB9A300F5044E9D04DA7394DB386E848F41
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: &
                                          • API String ID: 0-1010288
                                          • Opcode ID: a3efaefcdec8621640b8c2b54f31c9a0d2383831124d506eb25a60b36ba5e24f
                                          • Instruction ID: f07be97fa71490f89f1f7adba997827193608cbec6432d89544368a2280aedff
                                          • Opcode Fuzzy Hash: a3efaefcdec8621640b8c2b54f31c9a0d2383831124d506eb25a60b36ba5e24f
                                          • Instruction Fuzzy Hash: 5531E674A452188FCB64EF64D8987EABBF2FB59300F1045E9D419AB395DB349E808F81
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: )
                                          • API String ID: 0-2427484129
                                          • Opcode ID: da7adb75f30163af46a4316b3ba6875fd4957560871514e0993141a2400908ee
                                          • Instruction ID: 85bbe01eaa51348dc99a7e6514a431ee69e945103c3faec83cd769268505b54d
                                          • Opcode Fuzzy Hash: da7adb75f30163af46a4316b3ba6875fd4957560871514e0993141a2400908ee
                                          • Instruction Fuzzy Hash: 34211774A052188FDB64DF24C950B9ABBB7FB99300F1185E9E009A7794DF365E918F40
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: +
                                          • API String ID: 0-2126386893
                                          • Opcode ID: d8851c66d87928e28c09d210659a5d72168d9802fea176399ea07cdf69e66fc7
                                          • Instruction ID: 45a2b8b113c730ac31d6c7f4c9c16062caca147786692373c6bb242019ec051f
                                          • Opcode Fuzzy Hash: d8851c66d87928e28c09d210659a5d72168d9802fea176399ea07cdf69e66fc7
                                          • Instruction Fuzzy Hash: BE21F774D04219CFCBA5DF24D9507AAB7B2FB99300F1045E9D509A7354DB396E808F41
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          • Opcode ID: c5d40cf3292c84156c264fdf0089246b2e862f9e6e227cffa4321c04cc975eba
                                          • Instruction ID: f57db83a55bb6ca87cab80e570b839c75b5fd3da9931d319a50c198aba210dde
                                          • Opcode Fuzzy Hash: c5d40cf3292c84156c264fdf0089246b2e862f9e6e227cffa4321c04cc975eba
                                          • Instruction Fuzzy Hash: 5B21D0B4A056288FDB64EF24C850B9ABBF3BF99300F1041E9D409A7394DB365E91CF80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: #
                                          • API String ID: 0-1885708031
                                          • Opcode ID: aa7398271bea6a4d9f3e0bb6f7fd9103c9facc8968c76b1e0c4851563304dd52
                                          • Instruction ID: be661d7c71225fd1f9856a9b40c7bc3893607da465bcb0c2ff777a079086a57c
                                          • Opcode Fuzzy Hash: aa7398271bea6a4d9f3e0bb6f7fd9103c9facc8968c76b1e0c4851563304dd52
                                          • Instruction Fuzzy Hash: 3411F574A042288FCB65DF24D8507AABBF6FF4A304F5045E9E489AB350DB755E80CF81
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "
                                          • API String ID: 0-123907689
                                          • Opcode ID: 0ceb0da6c6cf5d3e07f4ce334ba790d479481e5744ad214480c060db9399de2d
                                          • Instruction ID: 9476aa473009f4d33c3d5b98d48e43d1007e033b8c8086f1f544721354a58159
                                          • Opcode Fuzzy Hash: 0ceb0da6c6cf5d3e07f4ce334ba790d479481e5744ad214480c060db9399de2d
                                          • Instruction Fuzzy Hash: A301D274A052288BDB65EF24C890BEABBF2FB49300F1040E9D559A7354DB345E84CF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e72b7f53ff1e5d81b2bb3ad1ec424b15216063351f642cf44fcd9e722da416a
                                          • Instruction ID: 0fcfe43fcad713f09ea27ce5c164e1e96e16b3fa51da268d8d0faa99014a9e30
                                          • Opcode Fuzzy Hash: 3e72b7f53ff1e5d81b2bb3ad1ec424b15216063351f642cf44fcd9e722da416a
                                          • Instruction Fuzzy Hash: 9CA1E9B4A066188FEB65DF24C950BAABBF2FF89300F5044E9D409A7356DB349E81CF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 196ba66f6ac4eef0da164cf222ab967be4197db75c619d09c77c42dfe64ab9a8
                                          • Instruction ID: e6ffd4174db99a191928c4156d29d8d33158017e0c956efa855e04cc392493ff
                                          • Opcode Fuzzy Hash: 196ba66f6ac4eef0da164cf222ab967be4197db75c619d09c77c42dfe64ab9a8
                                          • Instruction Fuzzy Hash: A021E474A057288FCB64EF24C950B9ABBB2FB8A301F1055E9D40AA7B54DB355E80CF42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55747b1610ea2e380ce83f87f9eea8f62b8ebbc91581a3cbc09fec9fc1e0d4b4
                                          • Instruction ID: 16139f4a814036792bab37e503edaa1966de81a3d0dcb15bca86569bf9ce3189
                                          • Opcode Fuzzy Hash: 55747b1610ea2e380ce83f87f9eea8f62b8ebbc91581a3cbc09fec9fc1e0d4b4
                                          • Instruction Fuzzy Hash: 3A21E674A04A188FCB64DF28CC60BABBBB2BB49306F5000E9D009A7395DB345EC18F41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61451cff534d7b67653dceaecde45babeeb2b98a5768515c4d7e3499bc6841fd
                                          • Instruction ID: 44ce035246ab882dba2fd1aaaafc92769136968b3dc748203a7602851fadcbd6
                                          • Opcode Fuzzy Hash: 61451cff534d7b67653dceaecde45babeeb2b98a5768515c4d7e3499bc6841fd
                                          • Instruction Fuzzy Hash: CB21BA74A062188FDB65DF64C8507DABBB2FF8A300F5044E9D549A7355DB345E81CF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 57d016fcb142a2360cf3e9c2bb87783a79ab6b259642c61ee23183eda22af9fd
                                          • Instruction ID: d906de2d9112d4d85b96174360a4fc2ca997b2d37411d6b15991dd660741c0f1
                                          • Opcode Fuzzy Hash: 57d016fcb142a2360cf3e9c2bb87783a79ab6b259642c61ee23183eda22af9fd
                                          • Instruction Fuzzy Hash: B021F574A056198FCB64EF24DC90BAABBB2FF49341F5040E9D509A7794DB346E81DF40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f63bfe3184a8be320a899de9f34048629ca895a64c6656367ebf4dcdf041e7fe
                                          • Instruction ID: c0ded29a6270c160ffeeabe06400364e8c3d46d276ffc26166db6fba7c7a29b1
                                          • Opcode Fuzzy Hash: f63bfe3184a8be320a899de9f34048629ca895a64c6656367ebf4dcdf041e7fe
                                          • Instruction Fuzzy Hash: 9221F774A052188FCBA5EF24C95479ABBF2FB49300F5045E9D00EA7364DB346E818F51
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d3662103a3fdd6207c7cb65c4ca0d094f03f423b4a7f8a014b69b808f264ac8
                                          • Instruction ID: 885f7128f8bb0409c52165f6f25fc3a70317d8570939e1f104b2f91a3e6c6ebe
                                          • Opcode Fuzzy Hash: 4d3662103a3fdd6207c7cb65c4ca0d094f03f423b4a7f8a014b69b808f264ac8
                                          • Instruction Fuzzy Hash: 5721F7B4A046188FCB64DF24C8507AAB7B6FF8A301F1040E9D609A7355DF346E84DF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8891f736c0dee49b6e2d45b9e6a3ab6d9aded38e608a145985441dbbeeb8764
                                          • Instruction ID: e7db6fc3de48745128a60b8eaef79af094ac3e808725b224a77845fe31ee41e6
                                          • Opcode Fuzzy Hash: b8891f736c0dee49b6e2d45b9e6a3ab6d9aded38e608a145985441dbbeeb8764
                                          • Instruction Fuzzy Hash: 0721C574A056188BCB65DF25C8907DABBB2FF8A301F1044E9D50DAB364DB345E80CF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8493cb9fca74c889813f2b44f958548d5a3f0e2a2b64692524918539e323f2d
                                          • Instruction ID: d47b9f91303034d867ee5dde2ef4d5e3e102f3d86d5d37060732eefb45ef2db4
                                          • Opcode Fuzzy Hash: d8493cb9fca74c889813f2b44f958548d5a3f0e2a2b64692524918539e323f2d
                                          • Instruction Fuzzy Hash: 0421F578E052588FDB64DF24D95079AB7B3FB99300F1041EAD009A7354DB365E908F40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0453eaf8421b9d14ae7d9b2bfbaca38bc009c0e122f5c5d3058dbb61dff34ad
                                          • Instruction ID: 05725129c4db08f7b9f03f1afe9ffc44aba2277b699f6ef3dc0d61f8884ae02b
                                          • Opcode Fuzzy Hash: c0453eaf8421b9d14ae7d9b2bfbaca38bc009c0e122f5c5d3058dbb61dff34ad
                                          • Instruction Fuzzy Hash: C921AE74E096288BCBA5EF64C95079ABBF2FB49301F1040E9D50EA7394DB386E859F41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 90239c69f1ecb59306ab991814d58e67a3b58eceec8682aa886af99c93fe3bfa
                                          • Instruction ID: d06f32d3eb51c156c84546c70703b58b28a2f68253cce197c69eb823ea352714
                                          • Opcode Fuzzy Hash: 90239c69f1ecb59306ab991814d58e67a3b58eceec8682aa886af99c93fe3bfa
                                          • Instruction Fuzzy Hash: C321D674A056588FCB6ADF24C9507AABBFAFF49701F1044E9D009AB3A4DA356F84CF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eda8729fada21c6b3b45a74faf4141e4715cbef8e4a05f6c5077aa82cacb5ac3
                                          • Instruction ID: 80a866d6a977fe45f7400993749927fb6abb6de0c0f5fd41a5c8a1375942c024
                                          • Opcode Fuzzy Hash: eda8729fada21c6b3b45a74faf4141e4715cbef8e4a05f6c5077aa82cacb5ac3
                                          • Instruction Fuzzy Hash: AD212874A452598FCB64EF24C9547AAB7F2FB49300F1045F9D41AA73A4DB346E81CF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0e1b65aab3ce5924e34b787265c0d1bca293f8ef7a5b68ccd0d433dcefaf679
                                          • Instruction ID: 60c4ee592ac1859302e842244c8e8bfdf15270e16793bddd9a1a1a3bc2cd9e2d
                                          • Opcode Fuzzy Hash: d0e1b65aab3ce5924e34b787265c0d1bca293f8ef7a5b68ccd0d433dcefaf679
                                          • Instruction Fuzzy Hash: CB21FB74E492198BCBA5EF24C9507AABBF2FB49300F1040E9D45EA7355DB386E85CF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5779b364d824641311aad74b137d2a733c0885cf14e40277c33b7c1f2ef46ad
                                          • Instruction ID: 9e723a34d8011837e561a12b7ec027312391bb0e145d1b8920793561f3e99cd3
                                          • Opcode Fuzzy Hash: e5779b364d824641311aad74b137d2a733c0885cf14e40277c33b7c1f2ef46ad
                                          • Instruction Fuzzy Hash: 5C21E774A052288FDB65EF64C9947AABBF2FF49300F1040E9D509A7395DB386E81DF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d41f627f2dee2994394ba1d384210f4c97c3839ee55da5d0b3866af4b2b707c6
                                          • Instruction ID: 78fe1094e27724b12d743ef861b15ff1fcdeae6cb55f7e25cdc707828450f746
                                          • Opcode Fuzzy Hash: d41f627f2dee2994394ba1d384210f4c97c3839ee55da5d0b3866af4b2b707c6
                                          • Instruction Fuzzy Hash: 5721E8B4A046588FCBA4DF24C8907AAB7B6FF49301F1040E9D20EA7395DB349E819F41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b2ce5353d5809560efd6507440d6bae7a43e030fe4898c93d852d25d529cf146
                                          • Instruction ID: b19be1462776ff83a28455cdf7dfdd9e577a19856a0075a336d6dfb5dd5f001d
                                          • Opcode Fuzzy Hash: b2ce5353d5809560efd6507440d6bae7a43e030fe4898c93d852d25d529cf146
                                          • Instruction Fuzzy Hash: E9211D74A042588FCB75EF64C950BAABBB2FF4A304F1040E9D44A677A4DB346E81DF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a548c50877798287d7984d806e1228bdecc6ab65742b0059e72f3395e914c9de
                                          • Instruction ID: 513a15860cffee6d696c9090f02fabdbe546c3eea61b3f3c4228b752a558128f
                                          • Opcode Fuzzy Hash: a548c50877798287d7984d806e1228bdecc6ab65742b0059e72f3395e914c9de
                                          • Instruction Fuzzy Hash: A221F5B4A056688FDB64DF24C8507AABBB3FF89301F1044E9D50DA7354DB369E908F81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a730624ac3eb4ec46038ef4c0191fb586efa2de2f6df1c87b287bdfa9916d185
                                          • Instruction ID: 2b8c31953f6413d02d44441bba2fa0fc33021614a16c8f9e24d722a5cf6a08c0
                                          • Opcode Fuzzy Hash: a730624ac3eb4ec46038ef4c0191fb586efa2de2f6df1c87b287bdfa9916d185
                                          • Instruction Fuzzy Hash: 2621C374A046288FCB65EF24CD507EABBB2FB8A301F5045E9D419AB354DB356E81CF80
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d4194e27e87cfd4897e21916109a9b9dde3904ebc401d838e10e2930802e0903
                                          • Instruction ID: 7567c63eece7e6955f092efd279343b93b31a2ea75f3a8b041b27fa8d53cfc96
                                          • Opcode Fuzzy Hash: d4194e27e87cfd4897e21916109a9b9dde3904ebc401d838e10e2930802e0903
                                          • Instruction Fuzzy Hash: 3E21C574A092288FDBA5EF24C9987AAB7B2FB49300F1041E9D04DA7364DB355E85CF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d288826d779345da20634b990c37dbcf38a4dedc0fc8a55f8c557257b0187c6
                                          • Instruction ID: a8f4b14b4baad3246c8fc4b9020723ea53d2406baf8b34c7e2f55b6b9183e395
                                          • Opcode Fuzzy Hash: 7d288826d779345da20634b990c37dbcf38a4dedc0fc8a55f8c557257b0187c6
                                          • Instruction Fuzzy Hash: 4821C574A042A88FCB64EF24C95079AB7F6FF49300F1085EAD489A7394DF345E819F81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: acfe782473bc0b116217cde3a8d7123791961ad80e3629a5912f0df6e7a56c61
                                          • Instruction ID: a306bfaf3948443e29aec8013eb8b734aafe509b535a362b62d05a8b6d736674
                                          • Opcode Fuzzy Hash: acfe782473bc0b116217cde3a8d7123791961ad80e3629a5912f0df6e7a56c61
                                          • Instruction Fuzzy Hash: 90211974A082188FDBA5EF24C8507AABBB6FF89705F1044EAD40DA7394DB345E85DF40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 24eb74c518a9b9fe57d12c7a3381964bf054f8f96222dfe42db87a79930a5f44
                                          • Instruction ID: 91520d70ad4e09bdeee6a090aae126fb546a0dad8c26f22970a076126e84086a
                                          • Opcode Fuzzy Hash: 24eb74c518a9b9fe57d12c7a3381964bf054f8f96222dfe42db87a79930a5f44
                                          • Instruction Fuzzy Hash: A721B874A052598FDB65EF24C954B9EB7B2FF89300F2045E9D409A73A4DB345E818F41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f8bdec6e81b02022779cfb5dd8f912d979379bd6b731b97610473c20af67d41
                                          • Instruction ID: c8f2c404d792866646abda48c6be71396d2f85d6ec9af1b5ef75b3951bfc3ae7
                                          • Opcode Fuzzy Hash: 2f8bdec6e81b02022779cfb5dd8f912d979379bd6b731b97610473c20af67d41
                                          • Instruction Fuzzy Hash: 9A21C974A053198FDB65DF24C950BAAB7B2FF8A300F5045E9D40AABB54DB345E80DF42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3102b733f566903fdbe3aa60b478b6f1a34a721d3b3fe9d48e646b08bfaa3089
                                          • Instruction ID: cccac2de82c45f593eed047a363f9a36bce56912729fdbd536cd09555a3cf86e
                                          • Opcode Fuzzy Hash: 3102b733f566903fdbe3aa60b478b6f1a34a721d3b3fe9d48e646b08bfaa3089
                                          • Instruction Fuzzy Hash: 1D21E674B042188FDB64DF25C950BAAB7B2BF4A300F5040E9910EA7B94DB345E81DF42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67aa450edcf34e4121c1dcad88006092ead3efbd08ab3a053f8a63ec011d5fd4
                                          • Instruction ID: 95f7b426747c9452f15a8ca508904d3b08b3c5a48b506dbfd739149eab1cf325
                                          • Opcode Fuzzy Hash: 67aa450edcf34e4121c1dcad88006092ead3efbd08ab3a053f8a63ec011d5fd4
                                          • Instruction Fuzzy Hash: CF21C474A042598FDB65EF64C850BAABBB6BB89304F5080E9D10DAB7A4DF345E81DF40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b22b6d356c8a662d9cb5ec6979a3dba99dd3f150b986d11687b5c56daf4be29
                                          • Instruction ID: f9a019843a3cafe0bc9241688b2035e75132e568f42a113b211c0e28de00bc96
                                          • Opcode Fuzzy Hash: 6b22b6d356c8a662d9cb5ec6979a3dba99dd3f150b986d11687b5c56daf4be29
                                          • Instruction Fuzzy Hash: F721A774A053188FDB65EF24C990B9AB7B2FF8A700F5040E9E50AA7B54DB345E80DF42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a45e00b5b51f58f5442c034213e6ebea38d35dbf6555161f2ea15f8f19af4c9b
                                          • Instruction ID: a934a74c83675f0dfa7845efa98f3051161465acd47b97e47bf267c190ed5c17
                                          • Opcode Fuzzy Hash: a45e00b5b51f58f5442c034213e6ebea38d35dbf6555161f2ea15f8f19af4c9b
                                          • Instruction Fuzzy Hash: C301B674A052188FDBA5DF24C950BDAB7B6FF59700F1044E9D009A7394DB359E80CF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbc9308c615ce48775232d4888783ae98cb5c92f6a16fdfad72810c2a60f8b54
                                          • Instruction ID: a8b2003ae6e5eec56f899c11ea8ef477db2aba6f467e367a08c60c207294eec2
                                          • Opcode Fuzzy Hash: dbc9308c615ce48775232d4888783ae98cb5c92f6a16fdfad72810c2a60f8b54
                                          • Instruction Fuzzy Hash: 84F0B2B4E043088BDB55EFA4C5506AEBBF6FB49300F204469D00AAB395DB345D41CF91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d98e9adaf9a2c68fe4fa47247029bde07a4e01f722637ebb5f4e1adf69e420c4
                                          • Instruction ID: e56b6c32d943769549208732ca51dcb82cb58a7427d43e15ff055f6c2b8069e4
                                          • Opcode Fuzzy Hash: d98e9adaf9a2c68fe4fa47247029bde07a4e01f722637ebb5f4e1adf69e420c4
                                          • Instruction Fuzzy Hash: AC01EFB4A0426C8FDB64EF24C8507DABBB6FB89300F1445E9D409AB394DA765E918F81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 261a114696cdbcaa35c0764c1e7f3795ae21587bc48aa681bcef0dd095a1439e
                                          • Instruction ID: 03b8ec353f633b4c78f11185e8a0e7ed02456bdcd506d0c31e395467bb7cd942
                                          • Opcode Fuzzy Hash: 261a114696cdbcaa35c0764c1e7f3795ae21587bc48aa681bcef0dd095a1439e
                                          • Instruction Fuzzy Hash: EC01A874904A188FCB65DF64CC507AABBF2FF49302F5045E9D009A7394DA355E82DF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4871e08f7430e0b42897b0e46baf6df3020d73c272ac14102bc1fded405091a6
                                          • Instruction ID: 4948d159ad294e2c9b5e62d3cfef64e0b05176918ec59b5656ea553a48e1dc0b
                                          • Opcode Fuzzy Hash: 4871e08f7430e0b42897b0e46baf6df3020d73c272ac14102bc1fded405091a6
                                          • Instruction Fuzzy Hash: 2F011D74A057188FDB25DF14C950BA9B7F2FF4A300F1140E9D40AA7B55DB346E849F42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4accf5ec15068d6f9234f2b976faba95746c40eab294ebcfd99e3b9dcd2a88c
                                          • Instruction ID: 3f0d1b4d14da5e410e5c0e2b4acb093c2858dc1a42d979c4db054124180b8016
                                          • Opcode Fuzzy Hash: f4accf5ec15068d6f9234f2b976faba95746c40eab294ebcfd99e3b9dcd2a88c
                                          • Instruction Fuzzy Hash: DF0146B4A012198FCB60DF24C9907AABBB2FF8A314F1000E9D20DAB355DB346E84CF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e183ad1da47e66a5ed18abc697c98af6578afb911e406bdd7fd71930bf7ccea4
                                          • Instruction ID: fb5993bb97d01b90ad9ec28d498557307fa573e5913a307df584d1b91d8f10b0
                                          • Opcode Fuzzy Hash: e183ad1da47e66a5ed18abc697c98af6578afb911e406bdd7fd71930bf7ccea4
                                          • Instruction Fuzzy Hash: BD019674D0A2988FCB65DB14C95079ABBF2FB49300F5045E9950DA7358DA786E81CF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b467da6d6956d81415c3445b21d3839e7ffd362fbed36dd3f3b6dee363d28eca
                                          • Instruction ID: 822d22371a8987199e7b97b1bee8470f8260bae1200976e072423ff1c487dff5
                                          • Opcode Fuzzy Hash: b467da6d6956d81415c3445b21d3839e7ffd362fbed36dd3f3b6dee363d28eca
                                          • Instruction Fuzzy Hash: 7C01F675B157188BCB64DF28C950B9AB7F2FB4E300F1000E9D00AA7B65DA346E81CF82
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 342345e8f90ae171ab1009092ed11c71dda7981e8c9a22a98f7c06da16696c57
                                          • Instruction ID: 21970e4dd93787fede1650e96bb8228eda161ecc00cbc9e7c71c1f2251130e27
                                          • Opcode Fuzzy Hash: 342345e8f90ae171ab1009092ed11c71dda7981e8c9a22a98f7c06da16696c57
                                          • Instruction Fuzzy Hash: F401F674A082288FDB65DF24C85479ABBB3FF99304F1045E9D00DA7354DB365E918F40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c96f267c4098609fec7f63dcf9792d94078c99e07af5243f0990f5a8ee65722
                                          • Instruction ID: e12dbe7ea5399bda6b6403beb163da0b2e1c5b92a6f8cb3ccb5c52dbb13419f5
                                          • Opcode Fuzzy Hash: 1c96f267c4098609fec7f63dcf9792d94078c99e07af5243f0990f5a8ee65722
                                          • Instruction Fuzzy Hash: 9801BB74B042198FDB65DF24C950BAAB7F2FF8A300F1080E9D40967B54DB345E819F52
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62764de14b69b320643c3a34d3660244cb9af0c118589a136be1196375ec64a7
                                          • Instruction ID: 63e11c1e16c1f8c6d2b96dfceea982cf1da8d26fbdb129b0786bdb4bf2313d89
                                          • Opcode Fuzzy Hash: 62764de14b69b320643c3a34d3660244cb9af0c118589a136be1196375ec64a7
                                          • Instruction Fuzzy Hash: F901FB74A04A188FCB64DF54CC507ABBBB2FF4A302F1041E9D049A7394DB346E818F41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e26cf39c084ce3cd0a35319d39336dbc4d735916edccbb92bf2333b469ebdedb
                                          • Instruction ID: a9678af54cc2d2a6556ac40240c78b1fd5ec348f028eae7e0f26bb0df097ed1e
                                          • Opcode Fuzzy Hash: e26cf39c084ce3cd0a35319d39336dbc4d735916edccbb92bf2333b469ebdedb
                                          • Instruction Fuzzy Hash: D2F0B2B4A042098FDB55EFA4C451AAEBBB2FB59300F204569D106AB394DB385A418B91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: efdf167467f2492cd232190fcb008bb270196025760431e76484fb00092a9303
                                          • Instruction ID: 2570e14d0529e8bf145bf1ae609e9a78e189f4ad8a6ee8f80b2680a32e92fff9
                                          • Opcode Fuzzy Hash: efdf167467f2492cd232190fcb008bb270196025760431e76484fb00092a9303
                                          • Instruction Fuzzy Hash: 7D0192B4E0921C8BCB65DB68C9907EAB7B6EB59301F1044E9D00DA73D5DA386E818F91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0d4c86575e706893f671a9297a1002bae8ed276ec5462ce81a5a9e30f65fb84
                                          • Instruction ID: 1ed733a5d084db35da38de1b45016274195c914cca9ecbc0b3c0b91b3871cd4d
                                          • Opcode Fuzzy Hash: f0d4c86575e706893f671a9297a1002bae8ed276ec5462ce81a5a9e30f65fb84
                                          • Instruction Fuzzy Hash: 8001FBB49062188FEB65DF28C9517AAB7B2FF89700F1014ECD00D67396DB345E818F40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93039712323ecd378707be00f14417904fd07637cea370f7dab1a6783d67dfa2
                                          • Instruction ID: 69dc839f70f92857a7208d2682bbfbe652712d59b3c52a9890e545731ef8637a
                                          • Opcode Fuzzy Hash: 93039712323ecd378707be00f14417904fd07637cea370f7dab1a6783d67dfa2
                                          • Instruction Fuzzy Hash: A7011D74A052189FDB65EF24C954B9AB7F6FF8A300F1045E8D0496B3A4DF345E818F41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4691f4c1b67a9f37da6f7d13cc0bc5a8db4c315980f3b6480e36489ab85bd55a
                                          • Instruction ID: 070a73ce125774d8b6a5ab33d9ab95cfca58f4055cfc524dea5af6d9af67b887
                                          • Opcode Fuzzy Hash: 4691f4c1b67a9f37da6f7d13cc0bc5a8db4c315980f3b6480e36489ab85bd55a
                                          • Instruction Fuzzy Hash: B001F274A042288FDBA4EF24C990B9ABBB2FF49300F5084E9D14EA7395DF345E859F50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a75510ae4b72f436b64f9939ce5fda5128357590550422bd34582e888e1ab95c
                                          • Instruction ID: edb3970cc18ecb82af7d235921601c8d6b09b9b4358fa5ba5d1345ee78829fca
                                          • Opcode Fuzzy Hash: a75510ae4b72f436b64f9939ce5fda5128357590550422bd34582e888e1ab95c
                                          • Instruction Fuzzy Hash: C001B674A052188FDBA9EF24C950B9ABBF2FF49300F90C1E9D049A7354DE345E849F80
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e09c6f72bfb45990070fa7aacee4f33ac95374b623264fd6397e14699770f9bc
                                          • Instruction ID: d66483f37bf28c104dff7453f1538228ae79f120f3de39fbf5c590c307f9d2e4
                                          • Opcode Fuzzy Hash: e09c6f72bfb45990070fa7aacee4f33ac95374b623264fd6397e14699770f9bc
                                          • Instruction Fuzzy Hash: E0F03470D05208EFC750DFA8D441A9CBBB0AF48318F1081EA9888A3252DA345A01DB81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 428d24be794b7d90681352e39ca90865a81a7d796c7b62b825ad35bb6f86e51e
                                          • Instruction ID: 3c5da375b44fa6e58b640ddb48886517bb6cae3c149ee0f2d9c036f0b9e335dd
                                          • Opcode Fuzzy Hash: 428d24be794b7d90681352e39ca90865a81a7d796c7b62b825ad35bb6f86e51e
                                          • Instruction Fuzzy Hash: 2CE0DF7280A244EFCB02DFB49814AAA7BB1EF4A305B1141FAD804EB122EF300D00EB41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bfab98cb4ed661c4d3fe9fab1755cf6f6541d7f30cb39cb532581cfa93d004f5
                                          • Instruction ID: 9e0004b1abf5fb190b886139e147452d8865709856408836c48fff0bcaca49e0
                                          • Opcode Fuzzy Hash: bfab98cb4ed661c4d3fe9fab1755cf6f6541d7f30cb39cb532581cfa93d004f5
                                          • Instruction Fuzzy Hash: 74E01AB590A104DFE745DFA8E4856DCBBB1EB45318F2481DAD80497352DB325E06CB51
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8fd4e444105e4852153388cb4687a587b680b807f51209230300d2d38b10ea6b
                                          • Instruction ID: 33a7768aa46d99e2e490a9c1db6c6aeab197cc2371d38b634d44206befb83536
                                          • Opcode Fuzzy Hash: 8fd4e444105e4852153388cb4687a587b680b807f51209230300d2d38b10ea6b
                                          • Instruction Fuzzy Hash: 49F0A030A082889FC745CF68D84099DBFB0EB46314B1482EAC8649B2A3C7355A02EF40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d14e0829987a8368c8859f3e4be591faa3ccff221857e37fc44a7b0bb16ca0a
                                          • Instruction ID: c9a6fd5afe38da9f24a922cc03ccb414982ad5106d321acecc2401868a0fe735
                                          • Opcode Fuzzy Hash: 6d14e0829987a8368c8859f3e4be591faa3ccff221857e37fc44a7b0bb16ca0a
                                          • Instruction Fuzzy Hash: 1DE07574E00208AFCB84DFA8E545A9DBBF4EB48315F10C1A99818A3351D7759A41DF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d14e0829987a8368c8859f3e4be591faa3ccff221857e37fc44a7b0bb16ca0a
                                          • Instruction ID: e2c84a8907894948a07ce87da9bd0901032b4614cb144d931f2df17946e59429
                                          • Opcode Fuzzy Hash: 6d14e0829987a8368c8859f3e4be591faa3ccff221857e37fc44a7b0bb16ca0a
                                          • Instruction Fuzzy Hash: 6CE07574E04208AFCB44DFA8D545A9DFBF4EB48314F10C1A99818A3351D7759E41DF81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d13172d49fc2d88ab69f8de7f9790f2ab954d741580df029481be2632d0e18a
                                          • Instruction ID: 422797697ad9c8521a2aa1abdba21ad87a8bef0cbb4e3df24815bfce882e47e7
                                          • Opcode Fuzzy Hash: 8d13172d49fc2d88ab69f8de7f9790f2ab954d741580df029481be2632d0e18a
                                          • Instruction Fuzzy Hash: D6D01272801108EFCB01DFE4D80599A7BF8EB46311F1045A5A505D7221EB754E10DB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a6eda0fcc50ceaf9f53cf389fbcecf6b9e77e9d7da5a4976a19eeed2aac4b15
                                          • Instruction ID: bc19f30bb43635db6747420ae00b2ef262442eef4448ac4098b479d2188018e9
                                          • Opcode Fuzzy Hash: 8a6eda0fcc50ceaf9f53cf389fbcecf6b9e77e9d7da5a4976a19eeed2aac4b15
                                          • Instruction Fuzzy Hash: 9ED05B70D095049FD725EF54D44079E7BF2DF86700F00D958A41177355CE745949CF51
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0408bbecc3c5daf4e85ac988603290d2f9d1e441a937a676010ef6bf831e4f60
                                          • Instruction ID: 1c954aca0db1a19711c8407f6bf3481e98f41a3a2c822dfb3834821bf45cbf25
                                          • Opcode Fuzzy Hash: 0408bbecc3c5daf4e85ac988603290d2f9d1e441a937a676010ef6bf831e4f60
                                          • Instruction Fuzzy Hash: 43B09B7004560447C51897957C0876576987B05316F401210B55C124724BE45454D5E5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2048363583.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e60000_MSBuild.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3046b7725b412812c694fa33ba5adb5a8c07a6e612a84c3aced7858d17082eb
                                          • Instruction ID: ca8751c45160533e457715d9d0346b9e4e743bd4c3e16159fdf16ef7eadd6479
                                          • Opcode Fuzzy Hash: f3046b7725b412812c694fa33ba5adb5a8c07a6e612a84c3aced7858d17082eb
                                          • Instruction Fuzzy Hash: 9AA0247014410047C040D3D53C4C1347570DF4F137F004110F7CC51031570004001D31