Windows Analysis Report
ekTL8jTI4D.msi

Overview

General Information

Sample name: ekTL8jTI4D.msi (renamed because original name is a hash value)
Original sample name: c91fcfbab7add9c8010099a6b96f5d73ca986b9f37d6198a66eefd5f7d8260fd.msi
Analysis ID: 1518400
MD5: 14dbe24f579adf974ac108b286716b3e
SHA1: 72b8b1ba4c8da290f33eaa714ba6de9594baf06f
SHA256: c91fcfbab7add9c8010099a6b96f5d73ca986b9f37d6198a66eefd5f7d8260fd
Tags: Fake-Chrome-CNmsiuser-JAMESWT_MHT

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Query firmware table information (likely to detect VMs)
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7540 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ekTL8jTI4D.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7584 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7672 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 18758BA1CC51FA1017A8920DF8D0E5AE E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • update.exe (PID: 7764 cmdline: "C:\Program Files (x86)\Windows NT\Update.exe" inst MD5: 8155B4E05CF46D5CEA8A3E86D08051C2)
        • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 89.2% probability
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: update.exe, 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp, vcruntime140_1.dll.2.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: update.exe, 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp, msvcp140.dll.2.dr
Source: Binary string: D:\APT\CleverSoar\x64\Release\Ring3TerminateDLL.pdb`@ source: part2.bin.2.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: update.exe, 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp, msvcp140.dll.2.dr
Source: Binary string: D:\APT\CleverSoar\x64\Release\DllLoader.pdb source: update.exe, 00000004.00000002.1361275935.00007FF7EF913000.00000002.00000001.01000000.00000003.sdmp, update.exe, 00000004.00000000.1353948512.00007FF7EF913000.00000002.00000001.01000000.00000003.sdmp, update.exe.2.dr
Source: Binary string: D:\APT\CleverSoar\x64\Release\Ring3TerminateDLL.pdb source: part2.bin.2.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: update.exe, 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp, vcruntime140.dll.2.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: update.exe, 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp, vcruntime140.dll.2.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: update.exe, 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp, vcruntime140_1.dll.2.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BE0A360 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,4_2_00007FFB0BE0A360
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BF9A310 FindFirstFileA,FindClose,4_2_00007FFB0BF9A310
Source: crash_reporter.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: crash_reporter.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: crash_reporter.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: crash_reporter.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: crash_reporter.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: crash_reporter.exe.2.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: crash_reporter.exe.2.drString found in binary or memory: http://ocsp.digicert.com0A
Source: crash_reporter.exe.2.drString found in binary or memory: http://ocsp.digicert.com0C
Source: crash_reporter.exe.2.drString found in binary or memory: http://ocsp.digicert.com0H
Source: crash_reporter.exe.2.drString found in binary or memory: http://ocsp.digicert.com0I
Source: crash_reporter.exe.2.drString found in binary or memory: http://ocsp.digicert.com0X
Source: crash_reporter.exe.2.drString found in binary or memory: http://www.digicert.com/CPS0
Source: crash_reporter.exe.2.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BF24600: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,4_2_00007FFB0BF24600
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BF24D50 Sleep,system,ExitWindowsEx,4_2_00007FFB0BF24D50
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\452153.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{F156E436-875F-46CA-9835-F075C59F63EB}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI226C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\452155.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\452155.msiJump to behavior
Source: classification engineClassification label: mal48.evad.winMSI@7/32@0/0
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BE0A7F0 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn,4_2_00007FFB0BE0A7F0
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BF249F0 CreateToolhelp32Snapshot,Process32FirstW,wcstombs,?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ,Process32NextW,wcstombs,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z,?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z,?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ,CloseHandle,4_2_00007FFB0BF249F0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\part1.binJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF0CDD5798A0178116.TMPJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: ekTL8jTI4D.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ekTL8jTI4D.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 18758BA1CC51FA1017A8920DF8D0E5AE E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\Windows NT\update.exe "C:\Program Files (x86)\Windows NT\Update.exe" inst
Source: C:\Program Files (x86)\Windows NT\update.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: update.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeSection loaded: sspicli.dllJump to behavior
Source: ekTL8jTI4D.msiStatic file information: File size 1568768 > 1048576
Source: vcruntime140_1.dll.2.drStatic PE information: 0xD234ED7D [Fri Oct 3 02:27:09 2081 UTC]
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FF7EF911000 LoadLibraryA,GetProcAddress,4_2_00007FF7EF911000
Source: update.exe.2.drStatic PE information: section name: .00cfg
Source: update.exe.2.drStatic PE information: section name: .retplne
Source: vcruntime140.dll.2.drStatic PE information: section name: _RDATA
Source: Update.dll.2.drStatic PE information: section name: .00cfg
Source: Update.dll.2.drStatic PE information: section name: .voltbl
Source: crash_reporter.exe.2.drStatic PE information: section name: .sxdata
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\update.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\crash_reporter.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\Update.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Windows NT\vcruntime140_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Windows NT\update.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Windows NT\crash_reporter.exeJump to dropped file
Source: C:\Program Files (x86)\Windows NT\update.exeAPI coverage: 1.9 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FF7EF91224C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7EF91224C
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FF7EF911000 LoadLibraryA,GetProcAddress,4_2_00007FF7EF911000
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FF7EF91223C SetUnhandledExceptionFilter,4_2_00007FF7EF91223C
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FF7EF91224C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7EF91224C
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB0BE52130 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFB0BE52130
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB1C380468 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFB1C380468
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FFB1D8945F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFB1D8945F8
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\Windows NT\update.exe "C:\Program Files (x86)\Windows NT\Update.exe" instJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: GetLocaleInfoEx,FormatMessageA,4_2_00007FFB0BE11F6C
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: ___lc_locale_name_func,GetLocaleInfoEx,4_2_00007FFB0BE2D6A0
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Windows NT\update.exeCode function: 4_2_00007FF7EF9120B8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00007FF7EF9120B8
Source: update.exe, 00000004.00000002.1361172113.000002A7D975E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Windows Defender\MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 12 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Behavior Graph ID: 1518400 | Sample: ekTL8jTI4D.msi | Startdate: 25/09/2024 | Architecture: WINDOWS | Score: 48
  • Sample signature: AI detected suspicious sample
  • msiexec.exe started
    • dropped: C:\Program Files (x86)\...\update.exe, PE32+
    • dropped: C:\Program Files (x86)\...\vcruntime140_1.dll, PE32+
    • dropped: C:\Program Files (x86)\...\vcruntime140.dll, PE32+
    • dropped: 4 other files (none is malicious)
    • msiexec.exe started
      • update.exe started
        • signature: Query firmware table information (likely to detect VMs)
        • conhost.exe started
  • msiexec.exe started

Source | Detection | Scanner | Label | Link
ekTL8jTI4D.msi | 5% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Windows NT\Update.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Windows NT\crash_reporter.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Windows NT\msvcp140.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Windows NT\part1.bin | 6% | ReversingLabs | |
C:\Program Files (x86)\Windows NT\update.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Windows NT\vcruntime140.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Windows NT\vcruntime140_1.dll | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1518400
Start date and time:2024-09-25 16:58:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 19s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:ekTL8jTI4D.msi
renamed because original name is a hash value
Original Sample Name:c91fcfbab7add9c8010099a6b96f5d73ca986b9f37d6198a66eefd5f7d8260fd.msi
Detection:MAL
Classification:mal48.evad.winMSI@7/32@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: ekTL8jTI4D.msi
Time | Type | Description
10:59:13 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\Windows NT\msvcp140.dll | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.FileRepMalware.26149.11274.exe | malicious | LummaC
 | SecuriteInfo.com.Win32.Malware-gen.6717.12233.exe | malicious | RedLine, SectopRAT
 | LicenseManagerWamp.exe | malicious | Unknown
 | Bootstraper.exe | malicious | LummaC
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:modified
                      Size (bytes):8011
                      Entropy (8bit):5.570559388263424
                      Encrypted:false
                      SSDEEP:192:6q3lEzjzernEoZZI2oEoZZi23ttDa3BpZ:6g+CvYvPt+N
                      MD5:09E158A81E401FA3BE47AB5187FA7345
                      SHA1:70DCE851465A794DAAC972830A10248F84474BC3
                      SHA-256:A6F88287C2ADA5BE94AF603FA8B1F5BFFD58A9598C614AC4EFFD437D04D4A61F
                      SHA-512:C4C47FA6D5E4C1A5B12DBE7D2C706D9CDAEE52D465FB93FB05C600227A650A3BC6B6CF9DDD2F6344F3FABB988D5BED8D1F3FB40D2601656DDE66617A8A6B38C0
                      Malicious:false
                      Reputation:low
                      Preview:...@IXOS.@.....@gW9Y.@.....@.....@.....@.....@.....@......&.{F156E436-875F-46CA-9835-F075C59F63EB}..Setup..ekTL8jTI4D.msi.@.....@..^..@.....@........&.{1C20914D-A513-4679-9999-88E4DA77A9DD}.....@.....@.....@.....@.......@.....@.....@.......@......Setup......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{11F60BBA-D12D-4921-82DD-4AB58EC734F4}&.{F156E436-875F-46CA-9835-F075C59F63EB}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..".C:\Program Files (x86)\Windows NT\....+.C:\Program Files (x86)\Windows NT\part1.bin....+.C:\Program Files (x86)\Windows NT\part2.bin....,.C:\Program Files (x86)\Windows NT\Update.dll......C:\Program Files (x86)\Windows NT\msvcp140.dll....4.C:\Program Files (x86)\Windows NT\crash_reporter.exe....,.C:\Program Files (x86)\Windows NT\locale.dat....-.C:\Program Files (x86)\Windows NT\locale2.dat....-.C:\Program Files (x86)\Windows NT\lo
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):674304
                      Entropy (8bit):6.776666983114478
                      Encrypted:false
                      SSDEEP:12288:4IxX1AQlUREepNslj7UCi76Su0DIT7mXPD/DbMkAuPoNN:4IJ1AQlURI46JkUbN
                      MD5:07432545A7CD0D6FB217DB940E9DF738
                      SHA1:94BBED5614D54F1BE36EB334D0FC5F99A31F2574
                      SHA-256:65314EDBE97C827B9A31D61FD55BF4B245F9359FE05AA651BEB89F472BF65209
                      SHA-512:C85EF8C2CE935F6FCDD46B1C35019F03ACBE8AE3D985051C49A5C57679412806DD535F6F3A092546360702422328EBCD51071B768170C9682FEF1D5012F810B9
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....`.f.........." .........^......,.....................................................`..........................................'.....p.......................................................................`!..@...............p............................text............................... ..`.rdata...:.......<..................@..@.data....\...@.......&..............@....pdata...............,..............@..@.00cfg..8............B..............@..@.voltbl.]............D...................rsrc................F..............@..@.reloc...............H..............@..B........................................................................................................................................................................................................................................................................................................
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):831200
                      Entropy (8bit):6.671005303304742
                      Encrypted:false
                      SSDEEP:24576:A48I9t/zu2QSM0TMzOCkY+we/86W5gXKxZ5:Ae71MzuiehWIKxZ
                      MD5:84DC4B92D860E8AEA55D12B1E87EA108
                      SHA1:56074A031A81A2394770D4DA98AC01D99EC77AAD
                      SHA-256:BA1EC2C30212F535231EBEB2D122BDA5DD0529D80769495CCFD74361803E3880
                      SHA-512:CF3552AD1F794582F406FB5A396477A2AA10FCF0210B2F06C3FC4E751DB02193FB9AA792CD994FA398462737E9F9FFA4F19F095A82FC48F860945E98F1B776B7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9A..} ..} ..} ...<... ...?..~ ...<..t ...?..v ...?... ...(.| ..} ... ...(.t ..K.... ..k_..~ ..K...~ ..f."._ ...R..x ...&..| ..Rich} ..........PE..L....\.d.....................N......:.............@..........................@............@.....................................x........................&.......d......................................................H............................text.............................. ..`.rdata..RZ.......\..................@..@.data...ds... ......................@....sxdata.............................@....rsrc...............................@..@.reloc..2r.......t..................@..B................................................................................................................................................................................................................................................
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:7-zip archive data, version 0.4
                      Category:dropped
                      Size (bytes):56530
                      Entropy (8bit):7.996795931529904
                      Encrypted:true
                      SSDEEP:1536:+3PUsc4Uq1mkhkFqD3TYxR+BfarqvT7C+xT:MPUsrx0khk8L0ofar+TNT
                      MD5:BF936630A0E2D7998722F01B322EC5F5
                      SHA1:FAADFFD85A9E33B02A9FDD0170A4B20AB4530F0C
                      SHA-256:1994B566436C459B1327244421F86F81D237CC5BCAF40BC2A61C7AC8BE8F22C9
                      SHA-512:9A159EC3B7C8EA66DCFCC11833B362A096985D4818B5AE974F0D7B8FD0FB700A6671A82C4CA785964E27FC8CE4ECE870A40321ABBB0114D41020D9DBA77608D0
                      Malicious:false
                      Reputation:low
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:7-zip archive data, version 0.3
                      Category:dropped
                      Size (bytes):58925
                      Entropy (8bit):7.9971213850510905
                      Encrypted:true
                      SSDEEP:1536:h8iCJxthAk6TyHFWuZR+mrwuiKK6nERuQt:MftiTylWuZE6iKK6niN
                      MD5:981A39278F48BC01AFDDE1D4FC134DAE
                      SHA1:4E7BFF027385AC3140FCDABBE970E8592A5F66A7
                      SHA-256:DE89D31701A5BCA3D7CDC9FAB8534A7047725BB03E381A5268EAE61AD2A06EDF
                      SHA-512:62B8906E36AA582806612B3BB127ECC5E6721052D327EA77376DEE24561DCA01817FCD0DC1C90141D8BBE0E7AC6EEBDAC019EB6CBD458685ACF31F706CD677D3
                      Malicious:false
                      Reputation:low
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:7-zip archive data, version 0.3
                      Category:dropped
                      Size (bytes):30206
                      Entropy (8bit):7.994466863741564
                      Encrypted:true
                      SSDEEP:768:kI8jBt3yWUQpe3QASdXZ3Q644fvkv499/Xqh/lDZD:Sjf3HL+kQ6FMv6/6JlDx
                      MD5:9BBDA0C660D01F462F9056FDED907D56
                      SHA1:0B8A913BD4A18C0616B2276952CFA6A4DBBE63E6
                      SHA-256:7BFBD73462C4F32F30791F808670249015B9D5E44A6B344B8569C463DE8E42B4
                      SHA-512:EF248002784C20E6AFCEAF46B5ED867890BA14ED0AD9B66EC4D18840B2B85039F396CFA0B67DFD1856F55294BC45E2687D4658E1DB15E511DA548086706BBB04
                      Malicious:false
                      Reputation:low
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:7-zip archive data, version 0.3
                      Category:dropped
                      Size (bytes):78160
                      Entropy (8bit):7.997433399981005
                      Encrypted:true
                      SSDEEP:1536:MAj6FQgDM/1gT3jCuPfxKy3DE07tW3VH29XPgDR+ca7xdBttop4u2:p6Fvw9g7FFY07+Y9fgc7xd9op4u2
                      MD5:A1D4588C1AE33AF2CA21B2851AF7335E
                      SHA1:598D9C932015AE4B57D5510B4CA1A8B4858445FD
                      SHA-256:87A792C38C69E25E10C3A3CD3B38D1C77DFDC3E206D6917E2F095B61017712A6
                      SHA-512:FE7ACB4EC2DAB4000B7561C275D28643C734F778C81DF671EF1B9F2E249449E5A263A64CE243F34318EDF1BE97C09582822B2AA98067059A2E3FEDDA88AAD3A3
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):573008
                      Entropy (8bit):6.5335737504680305
                      Encrypted:false
                      SSDEEP:12288:mPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDaM:sqwpzSFJQEKZm+jWodEEq9
                      MD5:C3D497B0AFEF4BD7E09C7559E1C75B05
                      SHA1:295998A6455CC230DA9517408F59569EA4ED7B02
                      SHA-256:1E57A6DF9E3742E31A1C6D9BFF81EBEEAE8A7DE3B45A26E5079D5E1CCE54CD98
                      SHA-512:D5C62FDAC7C5EE6B2F84B9BC446D5B10AD1A019E29C653CFDEA4D13D01072FDF8DA6005AD4817044A86BC664D1644B98A86F31C151A3418BE53EB47C1CFAE386
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Joe Sandbox View:
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                      • Filename: SecuriteInfo.com.Win32.Malware-gen.6717.12233.exe, Detection: malicious, Browse
                      • Filename: LicenseManagerWamp.exe, Detection: malicious, Browse
                      • Filename: Bootstraper.exe, Detection: malicious, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.(..bF..bF..bF...G..bF.....bF..bG..bF...G..bF...B..bF...E..bF...C..bF...F..bF....bF...D..bF.Rich.bF.........PE..d...M.10.........." ...&.2...T.......................................................b....`A........................................`1..h.......,............p...9...n..PP..............p...........................P...@............P...............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data....7...0......................@....pdata...9...p...:...&..............@..@.rsrc................`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:DOS executable (COM)
                      Category:dropped
                      Size (bytes):375898
                      Entropy (8bit):5.984158329076092
                      Encrypted:false
                      SSDEEP:6144:QSUaW6wLlh8bWG6+xGZgEja1dtSyX3Ruz50+eKLUIDqSNHcbJAEMXldl7AM:qayaoZuXRuz50+HUI2SNHAJAEMXldl7T
                      MD5:A68944E61FFF9F7045B9E5BD1EE71B92
                      SHA1:4A36B663121A5299940369AE610998521CB4C9F8
                      SHA-256:87445A2EC1114792C6030644157564DD4D01A3D34902EBBC53EFA7FAF6B8F530
                      SHA-512:815BE855828191A475D6672F2ED110C1786F72CEDC6DF1C10F27364C3C46E18B4C5B38058294576E26B9F36CD4CDFA34DF0DDC1B0CFC4F8CD978F4196124AD1B
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 6%
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):375899
                      Entropy (8bit):6.000567995496325
                      Encrypted:false
                      SSDEEP:6144:OENIsKdH83JEkn2Jl9dfh3/IL3QRf5P2bkAOofjUIXpTsY4c:OENIsKdH83JEkn2J5Z3/ILAR4A7c3
                      MD5:D3B1FB39ABC54382F560D6C130C50450
                      SHA1:DA437704D298097568658FE3D5C26732F36540EB
                      SHA-256:BB8C51A10B402BD59E9FE56E92EB085E48D95FBE11C687C615EAE3704843644D
                      SHA-512:AB1065C75F0F26636BF898FB2A369AA776A92EE9FE1C108CD81F231D27A4D323A0420C814E7E8BC73502192F56CB7097B55790F4E8CEEA7A64B86FC07D0FC89A
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):14336
                      Entropy (8bit):5.116845489184565
                      Encrypted:false
                      SSDEEP:384:QhEuuiCSLAvRGZcax8m9evlZy/yFAgo7kJqO1jKSo0:QhEunCSLAvRGZcax8m9evlZyKFAN7ks9
                      MD5:8155B4E05CF46D5CEA8A3E86D08051C2
                      SHA1:1BE691099A1F8E9A90187CAA90BFB5A675CD2D89
                      SHA-256:EA1D2E30889662136698ECADE3C05DA936834FB51429810F8DEE838151BDCE7F
                      SHA-512:359336521F696D2B6E7B8B2509AF8AAAE8BCC9B8102F0700201F2F41126BE123D62A7AC367F2A554727F92B473E3B3479492FA33114C56FBFEC56B0FECBF665C
                      Malicious:true
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f..........".................d..........@..........................................`..................................................2...............P..8...............4...`1...............................0..@...........H4...............................text...v........................... ..`.rdata.......0......................@..@.data...X....@.......*..............@....pdata..8....P.......,..............@..@.00cfg..8....`......................@..@.retplne.....p.......0...................rsrc................2..............@..@.reloc..4............6..............@..B........................................................................................................................................................................................................................................................................................................
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):109440
                      Entropy (8bit):6.642252418996898
                      Encrypted:false
                      SSDEEP:1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
                      MD5:49C96CECDA5C6C660A107D378FDFC3D4
                      SHA1:00149B7A66723E3F0310F139489FE172F818CA8E
                      SHA-256:69320F278D90EFAAEB67E2A1B55E5B0543883125834C812C8D9C39676E0494FC
                      SHA-512:E09E072F3095379B0C921D41D6E64F4F1CD78400594A2317CFB5E5DCA03DEDB5A8239ED89905C9E967D1ACB376B0585A35ADDF6648422C7DDB472CE38B1BA60D
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........{n...=...=...=l..<...=...=...=...=...=...<...=...<...=...<...=...<...=...=...=...<...=Rich...=........PE..d.....K..........." ...$.....`............................................................`A........................................`C..4....K...............p..|....\...O...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata..|....p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):49560
                      Entropy (8bit):6.6649899041961875
                      Encrypted:false
                      SSDEEP:768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
                      MD5:CF0A1C4776FFE23ADA5E570FC36E39FE
                      SHA1:2050FADECC11550AD9BDE0B542BCF87E19D37F1A
                      SHA-256:6FD366A691ED68430BCD0A3DE3D8D19A0CB2102952BFC140BBEF4354ED082C47
                      SHA-512:D95CD98D22CA048D0FC5BCA551C9DB13D6FA705F6AF120BBBB621CF2B30284BFDC7320D0A819BB26DAB1E0A46253CC311A370BED4EF72ECB60C69791ED720168
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........V...V...V......T.......T..._.D.]...V...e.......S.......Q.......M.......W.....(.W.......W...RichV...........PE..d...}.4..........." ...$.<...8.......A..............................................e4....`A........................................0m.......m..x....................r...O......D....c..p...........................pb..@............P..h............................text...@:.......<.................. ..`.rdata..."...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................................
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Setup., Template: Intel;1033, Revision Number: {1C20914D-A513-4679-9999-88E4DA77A9DD}, Create Time/Date: Sun Sep 22 04:32:30 2024, Last Saved Time/Date: Sun Sep 22 04:32:30 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                      Category:dropped
                      Size (bytes):1568768
                      Entropy (8bit):7.983658727168102
                      Encrypted:false
                      SSDEEP:24576:EeChrFLK2CAysNG5mVfLg6c8V+QK8+pQJFjgmmrf3hCOswhGu7FaPDGF1u:5OFLKgY5Egu+2iVrfR1swhGK
                      MD5:14DBE24F579ADF974AC108B286716B3E
                      SHA1:72B8B1BA4C8DA290F33EAA714BA6DE9594BAF06F
                      SHA-256:C91FCFBAB7ADD9C8010099A6B96F5D73CA986B9F37D6198A66EEFD5F7D8260FD
                      SHA-512:A54583DC59EEE4E4180559235AE5730BFB75EAEF7D4A68606D84B14986FD8F30C124DC57E8044C4C8A1805E1D6F17396AB442192D74F91521296D352FEB1BE6E
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Setup., Template: Intel;1033, Revision Number: {1C20914D-A513-4679-9999-88E4DA77A9DD}, Create Time/Date: Sun Sep 22 04:32:30 2024, Last Saved Time/Date: Sun Sep 22 04:32:30 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                      Category:dropped
                      Size (bytes):1568768
                      Entropy (8bit):7.983658727168102
                      Encrypted:false
                      SSDEEP:24576:EeChrFLK2CAysNG5mVfLg6c8V+QK8+pQJFjgmmrf3hCOswhGu7FaPDGF1u:5OFLKgY5Egu+2iVrfR1swhGK
                      MD5:14DBE24F579ADF974AC108B286716B3E
                      SHA1:72B8B1BA4C8DA290F33EAA714BA6DE9594BAF06F
                      SHA-256:C91FCFBAB7ADD9C8010099A6B96F5D73CA986B9F37D6198A66EEFD5F7D8260FD
                      SHA-512:A54583DC59EEE4E4180559235AE5730BFB75EAEF7D4A68606D84B14986FD8F30C124DC57E8044C4C8A1805E1D6F17396AB442192D74F91521296D352FEB1BE6E
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):3152
                      Entropy (8bit):5.524235117246984
                      Encrypted:false
                      SSDEEP:96:/qNXtlevC/HBL69s3yGMWpe6Q+NsvrDI/GEPP0vINp:/q3lqin3yGMue63OrWEIT
                      MD5:3A9DD16D0A21DF01D9895AE820CCA682
                      SHA1:26735A5C2AABB0D51F881ADB36F59242A5430811
                      SHA-256:F173FB549B0FC402999249AA00EEB3F0634C10FC9535A2327F1774A2B7C1F370
                      SHA-512:E3DD564D2E9985C45989487F1B228F0EB303B260986166D283D365752A5CBEB4718C248E1A4CD9A7EF43D9C835E92F9547F76631A265A5247FE2F1DD2283F699
                      Malicious:false
                      Preview:...@IXOS.@.....@gW9Y.@.....@.....@.....@.....@.....@......&.{F156E436-875F-46CA-9835-F075C59F63EB}..Setup..ekTL8jTI4D.msi.@.....@..^..@.....@........&.{1C20914D-A513-4679-9999-88E4DA77A9DD}.....@.....@.....@.....@.......@.....@.....@.......@......Setup......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{11F60BBA-D12D-4921-82DD-4AB58EC734F4}..C:\Program Files (x86)\Windows NT\msvcp140.dll.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@J?1..@.....@......".C:\Program Files (x86)\Windows NT\....1\gujfn150\|Windows NT\......Please insert the disk: ..cab1.cab.@.....@......C:\Windows\Installer\452153.msi.........@........part1.bin..bin1..part1.bin.@.....@Z....@.......@.............@.........@.....@.....@..D..@...p.@E...@........part2.bin..bin2..part2.bin.@.....@[....@.......@.............@.........@...
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.164873906344091
                      Encrypted:false
                      SSDEEP:12:JSbX72FjHAGiLIlHVRpZh/7777777777777777777777777vDHFGSZbit/l0i8Q:J1QI5tASZiiF
                      MD5:499B8DA933BBC50B483868B91B8B0714
                      SHA1:2AE7D7651F16E786EAFFF3C372921F6C8B6C10BC
                      SHA-256:E2F76D8A7D17FF0589BEAC1673B36F2DCC95662D6214C438D74003DFC4090A45
                      SHA-512:B743A151240E37C602EE5730FAC09ED77AFB64E4B01B039A31A36A6F0C6F6450CC27462E5B9DC061216EEF6B79630450233F401C00B5825B60241A7C5A6C59B8
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.4726154196161207
                      Encrypted:false
                      SSDEEP:48:L8PheuRc06WXJMFT5UFodeS5MirydeSIr8CvY:yhe1vFT2FtTe8CvY
                      MD5:496762F0B60A56972AD6A5C627CB2329
                      SHA1:0BDC671E60619C8A085EA8C5D4D6DF349CADCE1F
                      SHA-256:3FE5D8731947272D6CF4A9E1A4D000F467F28F26D9F385D6D4ACCF7F90250018
                      SHA-512:587177A1DF3FCB041F8CAA28E1B6DF24C3CE6DC85BCB4730153DB7B2935FF8ACDE485A717E8DC46122C767A842D114A6EA7EC0A6E95869DE4C9BDC5019B47976
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):360001
                      Entropy (8bit):5.362972304535993
                      Encrypted:false
                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauK:zTtbmkExhMJCIpEz
                      MD5:503F7B1736054817A8D692A8437BC5B7
                      SHA1:F9359CA917C78346DED5B87CEA1B39D3D1447095
                      SHA-256:228DA604CB3794EDFB0E79006D49AA2371AE462B483674ADCD9B5A6F97C64438
                      SHA-512:C1984226AC974101C5484258DE549A35A9DEFC3FB23B206E7D01D8F91B7D17B2F9A02284B45D074010CADC7640437DE4342B701928E398FAD1F3D23D6BF45089
                      Malicious:false
                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):69632
                      Entropy (8bit):0.10659585303673413
                      Encrypted:false
                      SSDEEP:24:6YbL1EJfAebxdB5GipVGdB5GipV7VqewGhlrkg3s+gmP:6Yv1ErxdeScdeS5MircF
                      MD5:3DAB0A5C18EE647EB5B64E46D9AC1F34
                      SHA1:954F852940EE6BFABF60D6EFACC670E6219E3476
                      SHA-256:8FB08458EF9E0EDC3CB72690FDFD8DE9A25AC87459628ADF86A959F1A39B265B
                      SHA-512:C71B7140D7CAA0C5A5A609FDCBB3EA97DC5C41D2163002494754E089DB5ADB7BD233414AF08F4962434EC3793D7F66BCDA2EA18F02CBCCBAA0C1A1B6DA0D63B5
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.4726154196161207
                      Encrypted:false
                      SSDEEP:48:L8PheuRc06WXJMFT5UFodeS5MirydeSIr8CvY:yhe1vFT2FtTe8CvY
                      MD5:496762F0B60A56972AD6A5C627CB2329
                      SHA1:0BDC671E60619C8A085EA8C5D4D6DF349CADCE1F
                      SHA-256:3FE5D8731947272D6CF4A9E1A4D000F467F28F26D9F385D6D4ACCF7F90250018
                      SHA-512:587177A1DF3FCB041F8CAA28E1B6DF24C3CE6DC85BCB4730153DB7B2935FF8ACDE485A717E8DC46122C767A842D114A6EA7EC0A6E95869DE4C9BDC5019B47976
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):1.185999833768821
                      Encrypted:false
                      SSDEEP:48:Wn2u/PveFXJBT5SFodeS5MirydeSIr8CvY:Y2VZTwFtTe8CvY
                      MD5:8F5C1A6FC031B055DA3BEE5CA1DFA6EC
                      SHA1:F20364E56AC1E13545D46532E8207BAD59F0EF57
                      SHA-256:75C61DFD7CAF2947651C5C9CC9C1BA739049419A54EDE38FFD5692E910A50197
                      SHA-512:093A39CE9D9F9D64C0BA68C95BCDDFAFB9BDDED5ABFB3549B834D05376F87B2259FA6FF54CBBA68AD0118FE2CA529858E873BF18B601FEB5AFA2F2B5CA8ED025
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):1.185999833768821
                      Encrypted:false
                      SSDEEP:48:Wn2u/PveFXJBT5SFodeS5MirydeSIr8CvY:Y2VZTwFtTe8CvY
                      MD5:8F5C1A6FC031B055DA3BEE5CA1DFA6EC
                      SHA1:F20364E56AC1E13545D46532E8207BAD59F0EF57
                      SHA-256:75C61DFD7CAF2947651C5C9CC9C1BA739049419A54EDE38FFD5692E910A50197
                      SHA-512:093A39CE9D9F9D64C0BA68C95BCDDFAFB9BDDED5ABFB3549B834D05376F87B2259FA6FF54CBBA68AD0118FE2CA529858E873BF18B601FEB5AFA2F2B5CA8ED025
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.07185417435888751
                      Encrypted:false
                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOG/RsMYYtgVky6lit/:2F0i8n0itFzDHFGSIZit/
                      MD5:D75D77B6BC5D8C5CC7D3700BF3E6547E
                      SHA1:E55332460019C3D4B6B0A8D03EEB26C80F4B1AAD
                      SHA-256:E798FA3892FFDBE7427AC95F9DF4AD0BD58C83D28AF3DB9A77EF7E2F1366D0B9
                      SHA-512:E875A6FE9FBF85497FFABE97661EAE7A8C3D57980981C6C78A2C285E6C275A9D3F70AA628B61FE72749A5880C34143D895DC9873971150E35182C0B74C839214
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):1.185999833768821
                      Encrypted:false
                      SSDEEP:48:Wn2u/PveFXJBT5SFodeS5MirydeSIr8CvY:Y2VZTwFtTe8CvY
                      MD5:8F5C1A6FC031B055DA3BEE5CA1DFA6EC
                      SHA1:F20364E56AC1E13545D46532E8207BAD59F0EF57
                      SHA-256:75C61DFD7CAF2947651C5C9CC9C1BA739049419A54EDE38FFD5692E910A50197
                      SHA-512:093A39CE9D9F9D64C0BA68C95BCDDFAFB9BDDED5ABFB3549B834D05376F87B2259FA6FF54CBBA68AD0118FE2CA529858E873BF18B601FEB5AFA2F2B5CA8ED025
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.4726154196161207
                      Encrypted:false
                      SSDEEP:48:L8PheuRc06WXJMFT5UFodeS5MirydeSIr8CvY:yhe1vFT2FtTe8CvY
                      MD5:496762F0B60A56972AD6A5C627CB2329
                      SHA1:0BDC671E60619C8A085EA8C5D4D6DF349CADCE1F
                      SHA-256:3FE5D8731947272D6CF4A9E1A4D000F467F28F26D9F385D6D4ACCF7F90250018
                      SHA-512:587177A1DF3FCB041F8CAA28E1B6DF24C3CE6DC85BCB4730153DB7B2935FF8ACDE485A717E8DC46122C767A842D114A6EA7EC0A6E95869DE4C9BDC5019B47976
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Process:C:\Program Files (x86)\Windows NT\update.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):161
                      Entropy (8bit):4.784459098558671
                      Encrypted:false
                      SSDEEP:3:xIvL3OXzW9dSj2dVGh6ezW9dSj3HI8kezW9dSj07j64R4bXOCev:PXz4dSj2dVU4dSjY1ez4dSj07ufw
                      MD5:A2E96DE4987CEFB4C3CA1E9421DD0B00
                      SHA1:156106A6B1839022D18E252C94C0496D634B6747
                      SHA-256:29F8832D42F9380F70F4F6D7CAB1AD09BBF8AD7D80756BE8A3BB959095445300
                      SHA-512:07163CE89C9A93D12DC8118D5B16E8E78A8CCC668E51A774B704CBA75FC96D8EE4A54404DE005F53FE0FE871F50C846ADD95FC39BEB86CBA4AEEA8D5077C99F5
                      Malicious:false
                      Preview:[+] Kernel32 Address:00007FFB2B300000..[+] GetProcAddress Address:00007FFB2B31AEC0..[+] LoadLibraryA Address:00007FFB2B3204F0..somerandomtext..[+] IAT Finished..
                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Setup., Template: Intel;1033, Revision Number: {1C20914D-A513-4679-9999-88E4DA77A9DD}, Create Time/Date: Sun Sep 22 04:32:30 2024, Last Saved Time/Date: Sun Sep 22 04:32:30 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                      Entropy (8bit):7.983658727168102
                      TrID:
                      • Microsoft Windows Installer (60509/1) 88.31%
                      • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
                      File name:ekTL8jTI4D.msi
                      File size:1'568'768 bytes
                      MD5:14dbe24f579adf974ac108b286716b3e
                      SHA1:72b8b1ba4c8da290f33eaa714ba6de9594baf06f
                      SHA256:c91fcfbab7add9c8010099a6b96f5d73ca986b9f37d6198a66eefd5f7d8260fd
                      SHA512:a54583dc59eee4e4180559235ae5730bfb75eaef7d4a68606d84b14986fd8f30c124dc57e8044c4c8a1805e1d6f17396ab442192d74f91521296d352feb1be6e
                      SSDEEP:24576:EeChrFLK2CAysNG5mVfLg6c8V+QK8+pQJFjgmmrf3hCOswhGu7FaPDGF1u:5OFLKgY5Egu+2iVrfR1swhGK
                      TLSH:3675331D9D8CB101C285AF3B0097B9329940FC197523BC592AE2B6FA0D777C196BE1F9
                      Icon Hash:2d2e3797b32b2b99
                      No network behavior found

                      Target ID:0
                      Start time:10:59:12
                      Start date:25/09/2024
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ekTL8jTI4D.msi"
                      Imagebase:0x7ff67e900000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:2
                      Start time:10:59:12
                      Start date:25/09/2024
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\msiexec.exe /V
                      Imagebase:0x7ff67e900000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      Target ID:3
                      Start time:10:59:13
                      Start date:25/09/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 18758BA1CC51FA1017A8920DF8D0E5AE E Global\MSI0000
                      Imagebase:0xec0000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:4
                      Start time:10:59:14
                      Start date:25/09/2024
                      Path:C:\Program Files (x86)\Windows NT\update.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Windows NT\Update.exe" inst
                      Imagebase:0x7ff7ef910000
                      File size:14'336 bytes
                      MD5 hash:8155B4E05CF46D5CEA8A3E86D08051C2
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Antivirus matches:
                      • Detection: 0%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      Target ID:5
                      Start time:10:59:14
                      Start date:25/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff75da10000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                        Execution Graph

                        Execution Coverage:0.9%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:23.6%
                        Total number of Nodes:242
                        Total number of Limit Nodes:7
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361248172.00007FF7EF911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EF910000, based on PE: true
                        • Associated: 00000004.00000002.1361229508.00007FF7EF910000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361275935.00007FF7EF913000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361295545.00007FF7EF915000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361312456.00007FF7EF918000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ff7ef910000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 06328e91ab06433276b6fac1bded3466b1f717358be103491905d6f82335b2b2
                        • Instruction ID: 00ae291e1ed6ff1afe74f736ec8d2df8482da990967e33525332173aa885b916
                        • Opcode Fuzzy Hash: 06328e91ab06433276b6fac1bded3466b1f717358be103491905d6f82335b2b2
                        • Instruction Fuzzy Hash: 49528B62F688D6AAD724DF28D000BFCAB559751758BD64336C28A43F88CB3CED86D711

                        Control-flow Graph

                        control_flow_graph 364 7ffb0bf9a310-7ffb0bf9a31d 365 7ffb0bf9a31f 364->365 366 7ffb0bf9a322-7ffb0bf9a33b FindFirstFileA 364->366 365->366 367 7ffb0bf9a33d-7ffb0bf9a340 366->367 368 7ffb0bf9a342 366->368 369 7ffb0bf9a349-7ffb0bf9a35a 367->369 368->369
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: FileFindFirst
                        • String ID:
                        • API String ID: 1974802433-0
                        • Opcode ID: 36321af0d3796ab110e161d9123b50b16bd39c26e1b993a1376d5652d041ab72
                        • Instruction ID: 4a09413adc14a3c392c2f8c69f132676d3480033c5385df81a1864f9f26b73f3
                        • Opcode Fuzzy Hash: 36321af0d3796ab110e161d9123b50b16bd39c26e1b993a1376d5652d041ab72
                        • Instruction Fuzzy Hash: 8AE09261A0581581EA61533AF814BA81310AB84BB0F248330C87FD33F4CE5D89D79200

                        Control-flow Graph

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowfputwcfwritestd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 1428583292-1866435925
                        • Opcode ID: d54f6f366594eb575b8d412551bf48bd0f96431c82c584339437ebc46d035372
                        • Instruction ID: 2fac3d6db8db5cd1a5da2d8b0ce33d092f3d4b1b25509ffa7657ff20560508ea
                        • Opcode Fuzzy Hash: d54f6f366594eb575b8d412551bf48bd0f96431c82c584339437ebc46d035372
                        • Instruction Fuzzy Hash: E96190B2619A8695EB10CF35D480AED33A0FB54B88F948832EA4E87779DF3CD595C340

                        Control-flow Graph

                        APIs
                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00007FFB0BF254B3), ref: 00007FFB0BF34044
                          • Part of subcall function 00007FFB0BF4CA50: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FFB0BF24B46), ref: 00007FFB0BF4CA91
                          • Part of subcall function 00007FFB0BF4CA50: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,00007FFB0BF24B46), ref: 00007FFB0BF4CAB5
                          • Part of subcall function 00007FFB0BF4CA50: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FFB0BF24B46), ref: 00007FFB0BF4CAC5
                        • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF3409C
                          • Part of subcall function 00007FFB0BF4CBF0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC10
                          • Part of subcall function 00007FFB0BF4CBF0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC36
                          • Part of subcall function 00007FFB0BF4CBF0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC58
                          • Part of subcall function 00007FFB0BF4CBF0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC7E
                          • Part of subcall function 00007FFB0BF4CBF0: ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CCA5
                          • Part of subcall function 00007FFB0BF4CBF0: std::_Facet_Register.LIBCPMT ref: 00007FFB0BF4CCB9
                          • Part of subcall function 00007FFB0BF4CBF0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CCD7
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF34111
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF34182
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF341C1
                        • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF34219
                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF3421F
                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,00007FFB0BF254B3), ref: 00007FFB0BF3422C
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: Lockit@std@@$?sputc@?$basic_streambuf@_D@std@@@std@@U?$char_traits@U?$char_traits@_W@std@@@std@@$??0_??1_?good@ios_base@std@@$?clear@?$basic_ios@?flush@?$basic_ostream@?getloc@ios_base@std@@?uncaught_exception@std@@Facet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@Osfx@?$basic_ostream@RegisterV12@V42@@Vfacet@locale@2@Vlocale@2@W@std@@std::_strlen
                        • String ID:
                        • API String ID: 1593280897-0
                        • Opcode ID: 970a47cc6cf30074c0aae3035800f89dd9723689c5addee478c653b9d38af71f
                        • Instruction ID: 018f33db008d0af2b6c828bddff451f1742112f74fbf2a23eee478b1b8df729f
                        • Opcode Fuzzy Hash: 970a47cc6cf30074c0aae3035800f89dd9723689c5addee478c653b9d38af71f
                        • Instruction Fuzzy Hash: 22616CA7715E5585EB119F2AD891BBC2BA0FB48F84F44C532CE1E83BA4CE39C4818300

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361248172.00007FF7EF911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EF910000, based on PE: true
                        • Associated: 00000004.00000002.1361229508.00007FF7EF910000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361275935.00007FF7EF913000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361295545.00007FF7EF915000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361312456.00007FF7EF918000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ff7ef910000_update.jbxd
                        Similarity
                        • API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                        • String ID:
                        • API String ID: 1133592946-0
                        • Opcode ID: cff09b3605161af5dd209cad230885eb80ab9a66cc5c23866d760b539f877b37
                        • Instruction ID: 9a598b92b9a6d6bd9b29d4167474c565cd5b9476869e6b6d7f83d0293d555fc9
                        • Opcode Fuzzy Hash: cff09b3605161af5dd209cad230885eb80ab9a66cc5c23866d760b539f877b37
                        • Instruction Fuzzy Hash: 88317E21A08D8759FA14BB2598113FA9295AF45384FC64037DACDC7ADFCE3CA8848273

                        Control-flow Graph

                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 84a77e993a5657917685ea6999c010b91537a9642c3b85d85823cc331b883bdf
                        • Instruction ID: 339cafc807ab67a0292a2f5484a76d03ecb048d0e0d5aa8adab012142416a77e
                        • Opcode Fuzzy Hash: 84a77e993a5657917685ea6999c010b91537a9642c3b85d85823cc331b883bdf
                        • Instruction Fuzzy Hash: 804159B3628A81C9DB108F39D4807AD37A4F758B88F848832EA4E87768DF38D595C350

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: memmove$fwrite
                        • String ID:
                        • API String ID: 2981457622-0
                        • Opcode ID: 505e963ab8c178f1aa458319f4d54afc298f1d92708e35764910d43631222cb7
                        • Instruction ID: 78448bd0b21eed6e4ba42d7a662011a1da4457f1576d98dc899694ebf8ad36c9
                        • Opcode Fuzzy Hash: 505e963ab8c178f1aa458319f4d54afc298f1d92708e35764910d43631222cb7
                        • Instruction Fuzzy Hash: 0311B466B18A8185EE148E7ED450AB86360FB44FC4FAC8535EE4E97767DE3CE4928300

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func__stdio_common_vfprintf
                        • String ID:
                        • API String ID: 2168557111-0
                        • Opcode ID: 091a9b5e58f04969739753c4443ed85341b3fbe3cfafe26bfeb8f11ab7dfb16a
                        • Instruction ID: 607065afe00719871da21984200798df9d7a0c54b0a2dccecb2b19cc5f700797
                        • Opcode Fuzzy Hash: 091a9b5e58f04969739753c4443ed85341b3fbe3cfafe26bfeb8f11ab7dfb16a
                        • Instruction Fuzzy Hash: EAE03776908B4581E7105B51F94495ABB64F7D9BE1F588534EE8D43B74CE3CD095C700

                        Control-flow Graph

                        APIs
                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE0135B
                          • Part of subcall function 00007FFB0BE06548: _get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE065D1
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func_get_stream_buffer_pointers
                        • String ID:
                        • API String ID: 340351158-0
                        • Opcode ID: b67d559abb37c3c7e470d540e259df01338b8e945da5bbef43d7d8be2f56f74e
                        • Instruction ID: 0004d595d1aa33a55b98862f7e78e7612eb2cc51168efdd6303400aa56098d8e
                        • Opcode Fuzzy Hash: b67d559abb37c3c7e470d540e259df01338b8e945da5bbef43d7d8be2f56f74e
                        • Instruction Fuzzy Hash: E3F030D0E2984B84FA10A775E855DB812A4EF59340FC09D35C50FC63B9EE1CE19A8700

                        Control-flow Graph

                        APIs
                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE0129B
                          • Part of subcall function 00007FFB0BE06548: _get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE065D1
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func_get_stream_buffer_pointers
                        • String ID:
                        • API String ID: 340351158-0
                        • Opcode ID: 112ce818b9da844fca5c764590304fd77010994ea22f374ee48f19ec947583d3
                        • Instruction ID: 00140a9c38104035bd41dee60c681edb4e5e645de163d4a243187d1ee292d1bd
                        • Opcode Fuzzy Hash: 112ce818b9da844fca5c764590304fd77010994ea22f374ee48f19ec947583d3
                        • Instruction Fuzzy Hash: 56F01CD1E2981B84EA10A775E859DB41365EF59340F808D35D60FC63F5EE1CE2968704

                        Control-flow Graph

                        APIs
                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE011C8
                          • Part of subcall function 00007FFB0BE06548: _get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE065D1
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func_get_stream_buffer_pointers
                        • String ID:
                        • API String ID: 340351158-0
                        • Opcode ID: c25826869efca06d790c1f0727f6dc24e87bbc47d023c2ad45adc874f462cbb1
                        • Instruction ID: a03a3f59e2ab996a7d0d8faaf215bb1686ecf6d0d4fd185617c4b73a2f6b65ef
                        • Opcode Fuzzy Hash: c25826869efca06d790c1f0727f6dc24e87bbc47d023c2ad45adc874f462cbb1
                        • Instruction Fuzzy Hash: 20F030D1E2990B80FA14A736E856DB41264EF59740F808D36C90FC13B9EE1CE19A8700

                        Control-flow Graph

                        APIs
                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE010DB
                          • Part of subcall function 00007FFB0BE06548: _get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB0BE065D1
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func_get_stream_buffer_pointers
                        • String ID:
                        • API String ID: 340351158-0
                        • Opcode ID: 2e8e5081821b79435dd1658b56d32fbcebc965ae86a0f0e81a5eb99c63ac237f
                        • Instruction ID: 91db197ad6632aac9639204a716cba3f7479a8f752a6169f31dfc6d43891ed11
                        • Opcode Fuzzy Hash: 2e8e5081821b79435dd1658b56d32fbcebc965ae86a0f0e81a5eb99c63ac237f
                        • Instruction Fuzzy Hash: B1F030D1E2981B84FA10A776E859DB41268EF9D340F808D36C60FC63B5EE1CE1968704
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: 1d35b00c35a98ab058fed4f4bef5ab2fb8f0d4a4b468944a7633621926f127b7
                        • Instruction ID: f8c46f8fd2103ccddabdd46d8fc1f2b8d9237b068040d61d354f9d570f2305c8
                        • Opcode Fuzzy Hash: 1d35b00c35a98ab058fed4f4bef5ab2fb8f0d4a4b468944a7633621926f127b7
                        • Instruction Fuzzy Hash: 51D012A0E1940785E6047776DC46DB41261AF65300FD08E35D10FC13F9DD4CA1D64701
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: cfc353210d7d02bd6bced9108a1ba40b2e81a5bc21d5b59e2606496b4d45bc43
                        • Instruction ID: 49d21dbd95e05986f5baef17bf72c7bf54bdd50aacf7377383502bc77df2a89d
                        • Opcode Fuzzy Hash: cfc353210d7d02bd6bced9108a1ba40b2e81a5bc21d5b59e2606496b4d45bc43
                        • Instruction Fuzzy Hash: EED01790E2A50B81E6047736EC8AEB812A1AF65300FD08E36D50FC23FADD0CA1A64701
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: 9da9fc355a5f3b6beda7f392358c9a2955183952d8c293f7d35df9f87cabd433
                        • Instruction ID: 001eab700c795f67b6dae9a88d6267471d78b6985a6c9f67766ca24363d27664
                        • Opcode Fuzzy Hash: 9da9fc355a5f3b6beda7f392358c9a2955183952d8c293f7d35df9f87cabd433
                        • Instruction Fuzzy Hash: 6DD01294E1954B80E5147736DC56D7511A05F65300FE08E36D50FC13B5DD1CA1964701

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: 21b639434ade395d6604d4f4c620a8294269d5eb4c4a21e62d0485121e6edc99
                        • Instruction ID: b7b20dc5fc0f5553d8597ff93a74a4fe3ec92c6536b5b2345886ad8b72316ee6
                        • Opcode Fuzzy Hash: 21b639434ade395d6604d4f4c620a8294269d5eb4c4a21e62d0485121e6edc99
                        • Instruction Fuzzy Hash: CDD01290E5A40B81E5047736DC86E741160AF65300FD08E36D10FD13F5DD0C61964701

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: 391d95f110f9f445011d686482a259d513192f95c99723f7f1cc52ced84f9a72
                        • Instruction ID: 4b4175002a727d39bba35d2eae585eaf21f867fa4fc22c908baca74a54b6f6ce
                        • Opcode Fuzzy Hash: 391d95f110f9f445011d686482a259d513192f95c99723f7f1cc52ced84f9a72
                        • Instruction Fuzzy Hash: A7D05E90F1941BD1E6147736EC8AEB812A0AF65740FD08E36C50FC63BADD0CA1964701

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: ec5394e8f20e6d9ecce04b1cf86505ec519dd190b6ee23e96581f9535b9e524e
                        • Instruction ID: cd659e66b5a03a04dad5138de10484b6f468dd84c6de665f4980a65effb0290c
                        • Opcode Fuzzy Hash: ec5394e8f20e6d9ecce04b1cf86505ec519dd190b6ee23e96581f9535b9e524e
                        • Instruction Fuzzy Hash: 8BD05EA0F6A51B90EA187736DC86CB812906F65350FE08E36C60FC12B5DD1CE2D68701

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func
                        • String ID:
                        • API String ID: 711238415-0
                        • Opcode ID: 8ec03317db5d5c5e21083d7866dcd2d9e5ab0af6f2dd229ad4d2c1749d634ae6
                        • Instruction ID: 1bc8be55c4ed81a7175141abd00692d5674fa597581919968b6af71008eb8e67
                        • Opcode Fuzzy Hash: 8ec03317db5d5c5e21083d7866dcd2d9e5ab0af6f2dd229ad4d2c1749d634ae6
                        • Instruction Fuzzy Hash: B1D05E90F1981B91E6047736DC8AEB81291AF69740FE08E36C50FC13B6ED0CA1D64701
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                        • API String ID: 2943138195-2884338863
                        • Opcode ID: f64a4e97f5348a15e7711178224ef2a62b14d0ac2241852784bafd071708001d
                        • Instruction ID: 74792cbc016287fda072b81b26a68b93798fe36e591980e6be29e6814d3bc1ab
                        • Opcode Fuzzy Hash: f64a4e97f5348a15e7711178224ef2a62b14d0ac2241852784bafd071708001d
                        • Instruction Fuzzy Hash: C79280F2918B8286E741CB24F488AEEB7B1FB85364F701135EA8D46A99DF7CD544CB40
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: CountTickstrlen
                        • String ID: $&$?$B$JK$V$^Yei$n
                        • API String ID: 3660211912-1551508650
                        • Opcode ID: 3be0aad8f727dad7ddcb6cdf6dac2c2b52efe2d7fceb4fb590b0d41d8696dc9d
                        • Instruction ID: f34f2b9c0d513aef3ab780ea30b3b3cd879ea2857f5717444e25644207a4f83a
                        • Opcode Fuzzy Hash: 3be0aad8f727dad7ddcb6cdf6dac2c2b52efe2d7fceb4fb590b0d41d8696dc9d
                        • Instruction Fuzzy Hash: 3773F6A6F6959696EB348B38D014FE87B50EB50718F958331C60B53EA0DF3DA646DB00
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturnmemmove$swprintf_s$malloc
                        • String ID: %$%.0Lf$+$0123456789-$0123456789-
                        • API String ID: 489585565-1072446943
                        • Opcode ID: 829b6131614930f5bf9e5c61d6deec7365db8931e930fef3804823b15190c27a
                        • Instruction ID: dce9f0edb15adb3008f910000a19a99a8975cda1f9e1c664133b88b660fc0538
                        • Opcode Fuzzy Hash: 829b6131614930f5bf9e5c61d6deec7365db8931e930fef3804823b15190c27a
                        • Instruction Fuzzy Hash: C392A3A2B08B8585EB10CBB5D4406BD73B1EB58B98F548A32DE5E57BA9DF3CD445C300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$memchr
                        • String ID: $0123456789-
                        • API String ID: 2740501399-700845222
                        • Opcode ID: 58e8ef30ca5ed9c663d8f8829c6919739000f24e1e0b325affba7be5e7a1c58c
                        • Instruction ID: c8f84c33263f1bcc63114d59a7c6d069c4346d37ca17478397b2a3135646243b
                        • Opcode Fuzzy Hash: 58e8ef30ca5ed9c663d8f8829c6919739000f24e1e0b325affba7be5e7a1c58c
                        • Instruction Fuzzy Hash: 3BE27BA3A08A8589EB108B29D458B7C27A1FB45F94F548935DB9F977B5CF3DE881C300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$Strftime_errnomallocmemchrmemsetswprintf_s
                        • String ID: !%x$%.0Lf$0123456789-
                        • API String ID: 2857444262-778084515
                        • Opcode ID: 13262b3e072581eabae989270b766c915248f7a1e3e79eb9a11be9f5614460a3
                        • Instruction ID: 4aa543385f268dff22c4de589b579fc8beb02bfd537ea7fbc2b6844a7a9e1524
                        • Opcode Fuzzy Hash: 13262b3e072581eabae989270b766c915248f7a1e3e79eb9a11be9f5614460a3
                        • Instruction Fuzzy Hash: 4242CF63B08B8589EB00CB75D4446AC67B1FB58B98F548A32DE5E57BA9DF3CE485C300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                        • String ID: 5x@GF8bD$H$R
                        • API String ID: 2665656946-1806121975
                        • Opcode ID: c2fb1fa210c928a332ef6c02584512a71534712d655c3b6c1d79d94b52c81d62
                        • Instruction ID: 694f5d88df3a3ddba5ce728ee0fa65659ce917c5e3b2b55e6fdc6d2989eb911c
                        • Opcode Fuzzy Hash: c2fb1fa210c928a332ef6c02584512a71534712d655c3b6c1d79d94b52c81d62
                        • Instruction Fuzzy Hash: 8BE239B2F6966A9ADB24CB38D400FBC6B51E750754F858339CA1B53FE0DB2DA506DB00
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: memchr$_invalid_parameter_noinfo_noreturn$localeconv
                        • String ID: 0123456789ABCDEFabcdef-+XxPp$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday$gfffffff
                        • API String ID: 2141594249-2199853097
                        • Opcode ID: dc1c371d87d7c624ca9ffafd9ea0e3f8be63dd18cc70b55141d3a73f0ddd9329
                        • Instruction ID: 10eb0782369ddb06491d51eb612b32332ed678a0dc0c6d8e7047f10ed6ad93d8
                        • Opcode Fuzzy Hash: dc1c371d87d7c624ca9ffafd9ea0e3f8be63dd18cc70b55141d3a73f0ddd9329
                        • Instruction Fuzzy Hash: B1F2C3A2A2968589EF108F39C45077C37A1EB51B84F64CA31DA5F877B1CF2DE4A6D300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: memchr$isdigit$localeconv
                        • String ID: 0$0123456789abcdefABCDEF
                        • API String ID: 1981154758-1185640306
                        • Opcode ID: bfe5ce258dc707371fcc712cb7d823bc8711584f4847fb00fe5ac810a8f06748
                        • Instruction ID: 7c81990841e2c6296e56cece2cd35ee6287e28b1f64b48c9b3638201e35be79a
                        • Opcode Fuzzy Hash: bfe5ce258dc707371fcc712cb7d823bc8711584f4847fb00fe5ac810a8f06748
                        • Instruction Fuzzy Hash: 8E9128A3A0819646EB258F34D814A7A7B91FB44F44F48D431EE8F877A5DA3CE806C741
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: isdigit$localeconv
                        • String ID: 0$0
                        • API String ID: 3674116420-203156872
                        • Opcode ID: 4406834286838e5a66ea1643bb5e1b65b61d336e67f6b85cf59e0c0fa5124fa1
                        • Instruction ID: ca40b51f5897aa5c3f679a618f3b29b780f4db7f9ea483c0ca588c59c4bbe25e
                        • Opcode Fuzzy Hash: 4406834286838e5a66ea1643bb5e1b65b61d336e67f6b85cf59e0c0fa5124fa1
                        • Instruction Fuzzy Hash: D58149B3A0868247E7114F35D814BBA7BE1BB90B88F44C434DE8B972A4DA3CE945DB00
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: iswdigit$btowclocaleconv
                        • String ID: 0
                        • API String ID: 240710166-4108050209
                        • Opcode ID: 2ce769a20d79b02018313e3b4f1f7cfb6aa3882f2116b24e9f8fa3ef64a51e77
                        • Instruction ID: edf1919470bd0e7cba4eab04aed653187c89387ca70d87f8fb7e4038a16864b2
                        • Opcode Fuzzy Hash: 2ce769a20d79b02018313e3b4f1f7cfb6aa3882f2116b24e9f8fa3ef64a51e77
                        • Instruction Fuzzy Hash: C58137B3A0854686E7218F35D854ABE73A1FF90F45F089535DACB862A5EF3CE885C700
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE21AC4
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE21ACB
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE21AD2
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE21AD9
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: $$+xv$0123456789-
                        • API String ID: 3668304517-2753741353
                        • Opcode ID: 43c951094311d39e1288189e6289ab4e9a56373377fe8fae1adf9ceeae353dbd
                        • Instruction ID: 3e19d15d639c639fe16ff09f5d2b9b2ea2c4fc2d5b047fb8e3310d8462b6cdaa
                        • Opcode Fuzzy Hash: 43c951094311d39e1288189e6289ab4e9a56373377fe8fae1adf9ceeae353dbd
                        • Instruction Fuzzy Hash: DBE29FA6A09A8689EB508F25D440A7D37A1FB48B84F54D832DE4F977B5CF3CE991C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361248172.00007FF7EF911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EF910000, based on PE: true
                        Similarity
                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                        • String ID:
                        • API String ID: 313767242-0
                        • Opcode ID: 2d9b79a834afad950490679e8bcf4318a3f3c3af12ec8e55edd14b747ab65e03
                        • Instruction ID: 453ee20fbcd01d448d6ebbc1d52af389d68345fc9d38892a679b860bbed909f7
                        • Opcode Fuzzy Hash: 2d9b79a834afad950490679e8bcf4318a3f3c3af12ec8e55edd14b747ab65e03
                        • Instruction Fuzzy Hash: 83311072608FC199EB60AF60E8407ED7364FB84744F85403ADA8E87B99DF38D558C721
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: iswdigit$localeconv
                        • String ID: 0$0$0$0123456789abcdefABCDEF
                        • API String ID: 2634821343-4215698122
                        • Opcode ID: 3704fcaff07c8aff4c597c3cc12ea7b955c33ea8c9b99a4c7dcb4ad09e9f94a2
                        • Instruction ID: 9b0231bcf2ad620761a08ece25e139a5850d6fa940aa92fbce81c99d73255aa9
                        • Opcode Fuzzy Hash: 3704fcaff07c8aff4c597c3cc12ea7b955c33ea8c9b99a4c7dcb4ad09e9f94a2
                        • Instruction Fuzzy Hash: 7081D4A3E1825686EB254B34D848A7E76A1FB54F44F04E531DECB876A5EA3CE8C1C740
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: Process32U?$char_traits@_W@std@@@std@@$?flush@?$basic_ostream@?put@?$basic_ostream@_?widen@?$basic_ios@_CloseCreateD@std@@@std@@FirstHandleNextSnapshotToolhelp32U?$char_traits@V12@V12@__strdupfreestrstrtolowerwcstombs
                        • String ID:
                        • API String ID: 4166129133-0
                        • Opcode ID: 74feb66140d41a382903f7b6d7873dcae871415674107aa9450bdc45d6a03d04
                        • Instruction ID: 3bd91cb24c73959db3f4ee1e11409d16d80ff54b2a17a8e9e5aa4280971e567b
                        • Opcode Fuzzy Hash: 74feb66140d41a382903f7b6d7873dcae871415674107aa9450bdc45d6a03d04
                        • Instruction Fuzzy Hash: 93216BA5B0860281FA509B32F845ABAA354BF85BE4F44C631DE2F877B0DE7CD446CA04
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE20608
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE2060F
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE20616
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE2061D
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: $0123456789-
                        • API String ID: 3668304517-700845222
                        • Opcode ID: 70a4c1ded7be6cdb4f46eb7c8aa2e4e7f16e3e13aef79ad0e3619d7603e651d1
                        • Instruction ID: 2f083671ee60d5b3af02b92e6835f0900c899e0794b64245bf5d3dc6bbfeeed6
                        • Opcode Fuzzy Hash: 70a4c1ded7be6cdb4f46eb7c8aa2e4e7f16e3e13aef79ad0e3619d7603e651d1
                        • Instruction Fuzzy Hash: F4E26AB2A19A8689EB508F25D450A7D37A1FB54B84F54D832DA4F877B5CF3CE891C380
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE336BF
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE33721
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE337A2
                          • Part of subcall function 00007FFB0BE11470: memmove.VCRUNTIME140(?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE114CB
                          • Part of subcall function 00007FFB0BE11470: memset.VCRUNTIME140(?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE114D8
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE33C71
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE33CB6
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE33CFB
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE33D7E
                          • Part of subcall function 00007FFB0BE38E40: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38E74
                          • Part of subcall function 00007FFB0BE38E40: ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38E7E
                          • Part of subcall function 00007FFB0BE38E40: memcmp.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38EA1
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$___lc_collate_cp_func___lc_locale_name_funcmemcmpmemmovememset
                        • String ID:
                        • API String ID: 571273880-0
                        • Opcode ID: 9e3f3f4926985d9ca3ac704d6a63f2193c390538a08b54f68d0cfd8f5257f25b
                        • Instruction ID: 265aac36ea1f5240a75110d3bcdac0325e81c30a7e51464731de5398500c8b3e
                        • Opcode Fuzzy Hash: 9e3f3f4926985d9ca3ac704d6a63f2193c390538a08b54f68d0cfd8f5257f25b
                        • Instruction Fuzzy Hash: 4152C5A3F18B8586EB108B35D444ABD63A1FB54B98F448931DE8E57BA9DF3CE485C304
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Find$CloseFileFirst_invalid_parameter_noinfo_noreturnwcscpy_s
                        • String ID: .$.
                        • API String ID: 1484651601-3769392785
                        • Opcode ID: 7f2e76241fb6167369e219414ee462f878d2fbb825c9a126d35d20a4c5254c3a
                        • Instruction ID: f276c417e9b005337c60f423e447419056e250bd7113a5df3472504ded3718f7
                        • Opcode Fuzzy Hash: 7f2e76241fb6167369e219414ee462f878d2fbb825c9a126d35d20a4c5254c3a
                        • Instruction Fuzzy Hash: 9541F8A2A2874542EE209F75E444A7D63A0FB957A4F409731EAAE836E8DF7CD4C0C700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$localeconv
                        • String ID: 0123456789ABCDEFabcdef-+XxPp$gfffffff
                        • API String ID: 1825414929-1108341528
                        • Opcode ID: e20a26eeea7fd70eeffa9f77b647b22febb444e4f3a1be1c3664ac66e35518f9
                        • Instruction ID: 0ac21ec179a58f2e7010d551ba827244f0318f485b5b7ccb2b226e6b92c6c023
                        • Opcode Fuzzy Hash: e20a26eeea7fd70eeffa9f77b647b22febb444e4f3a1be1c3664ac66e35518f9
                        • Instruction Fuzzy Hash: 54F2A0BAA0968685EB548F29D56097D37A0FB50B84BA4DC31DA5F877B1CF3DE852C300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$localeconv
                        • String ID: 0123456789ABCDEFabcdef-+XxPp$gfffffff
                        • API String ID: 1825414929-1108341528
                        • Opcode ID: cfd63610dea766f3aae8cf7f635e2c662315f6103adfa22d4b10bc9b53735eb8
                        • Instruction ID: 62dba43f856a37c7e49f20868ea84206c23a08c6a155063da37e771aded83e5a
                        • Opcode Fuzzy Hash: cfd63610dea766f3aae8cf7f635e2c662315f6103adfa22d4b10bc9b53735eb8
                        • Instruction Fuzzy Hash: 84F27BB6A0968685EA548F29D15097D37A0FB55F84BA4DC31DA5F877B0CF3DE8A1C300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$memchr
                        • String ID: 0123456789ABCDEFabcdef-+Xx
                        • API String ID: 2740501399-2799312399
                        • Opcode ID: 7bbb1e5267778d512d392d86cc1910a7972d69f311492d6598cee773f81bbceb
                        • Instruction ID: 5d21e32046f6cde92d91d7ab9bc0f735bb8a33d54f53b7a51bd6423898a70227
                        • Opcode Fuzzy Hash: 7bbb1e5267778d512d392d86cc1910a7972d69f311492d6598cee773f81bbceb
                        • Instruction Fuzzy Hash: F98260A2A19A8588EF118FB9D85067C37A1EB51F98F54C931CE5F9B3B9CE2DD481C310
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE2522A
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE25290
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE25336
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE257F7
                          • Part of subcall function 00007FFB0BE2D264: memmove.VCRUNTIME140(?,?,?,?,?,00007FFB0BE156E6), ref: 00007FFB0BE2D2C8
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$memmove
                        • String ID:
                        • API String ID: 15630516-0
                        • Opcode ID: 0722a07bd6bb0ee95c94887a1b8b54fe5a26a2a7308c2eb97daf19f60b59e903
                        • Instruction ID: e4b2f8e5a6f6f030cec22e8b19ba3b890b71b58b0815f4dcff56a34dbd4f3828
                        • Opcode Fuzzy Hash: 0722a07bd6bb0ee95c94887a1b8b54fe5a26a2a7308c2eb97daf19f60b59e903
                        • Instruction Fuzzy Hash: AE42B6A2A18B85C5EB10CF39D5409BD77A1FB68B94F509931EA8E437A9DF7CE580C340
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE2498A
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE249F0
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE24A96
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE24F57
                          • Part of subcall function 00007FFB0BE2D264: memmove.VCRUNTIME140(?,?,?,?,?,00007FFB0BE156E6), ref: 00007FFB0BE2D2C8
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$memmove
                        • String ID:
                        • API String ID: 15630516-0
                        • Opcode ID: eef3bf30b5412cf2ab4ac8c92e631aff06f40f85fba392271fed9ebf399104a3
                        • Instruction ID: 5c44f67c9585d78994bf52091e509276251b6be8661c8bc63658e40d55ce22f9
                        • Opcode Fuzzy Hash: eef3bf30b5412cf2ab4ac8c92e631aff06f40f85fba392271fed9ebf399104a3
                        • Instruction Fuzzy Hash: F84283A2A18B8585EB108F39D440ABD7771FB58B98F509531EB8E43BA5DF3CE585C340
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE1AC67
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE1ACA5
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: 0123456789ABCDEFabcdef-+Xx
                        • API String ID: 3668304517-2799312399
                        • Opcode ID: 7012772ed967f4a0e0e43bbf0c4ca1fc133bf4597b73f2c5200ef25000851ffb
                        • Instruction ID: a9bae3d8ea7c3bc03e90d0fcf9b57f2a8ca3ffb7845d9d32e3ec99e9e0dc15f4
                        • Opcode Fuzzy Hash: 7012772ed967f4a0e0e43bbf0c4ca1fc133bf4597b73f2c5200ef25000851ffb
                        • Instruction Fuzzy Hash: 52827FB6A0A68589EB518F35D050A7C37A1EB40F88BA4E831DE5F977B5CE3DD842D310
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE1B787
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE1B7C5
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: 0123456789ABCDEFabcdef-+Xx
                        • API String ID: 3668304517-2799312399
                        • Opcode ID: 046958b3716cbb2e49a4ff9e5a99a20510d5dcd375a02a04a3b1523d8aba3246
                        • Instruction ID: bb32f77f8733b1ea208101c81c974dc5a20a03c6c618164ea77d596d57eee695
                        • Opcode Fuzzy Hash: 046958b3716cbb2e49a4ff9e5a99a20510d5dcd375a02a04a3b1523d8aba3246
                        • Instruction Fuzzy Hash: E2826DB6A09A41C9EB618F39C050A7C37A1EB54F88BA4D831DA4F977B5CE3DD852D310
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361248172.00007FF7EF911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EF910000, based on PE: true
                        • Associated: 00000004.00000002.1361229508.00007FF7EF910000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361275935.00007FF7EF913000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361295545.00007FF7EF915000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361312456.00007FF7EF918000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ff7ef910000_update.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: f644c42acbfd4f20a2e8aeeb83436ba6cfff338cf3936f006862593d7caf50e3
                        • Instruction ID: e7da5d09499cc5dcd65114a6a482b93a6fa40e77733a157479ade3c8e99fa475
                        • Opcode Fuzzy Hash: f644c42acbfd4f20a2e8aeeb83436ba6cfff338cf3936f006862593d7caf50e3
                        • Instruction Fuzzy Hash: C1114C22B14F418AEB00DF65E8443B873A4F759758F850E32DAADC7BA8DF38D1648351
                        APIs
                          • Part of subcall function 00007FFB0BE35E20: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFB0BE03956,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FFB0BE35E2F
                          • Part of subcall function 00007FFB0BE519FC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C08), ref: 00007FFB0BE51A16
                          • Part of subcall function 00007FFB0BE21D74: localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E108), ref: 00007FFB0BE21DB6
                        • _W_Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F), ref: 00007FFB0BE236AC
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F), ref: 00007FFB0BE236C1
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F), ref: 00007FFB0BE236D8
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$Gettnames_lock_localeslocaleconvmalloc
                        • String ID:
                        • API String ID: 2855664287-0
                        • Opcode ID: 0e4d6572549865836673f2b86405711eb97c2e8d61fc810d4e79705bebdc4a66
                        • Instruction ID: 6e08300995f22bd6815d775e812d444e63baa1c24226c6e4b6229cd909c11ac7
                        • Opcode Fuzzy Hash: 0e4d6572549865836673f2b86405711eb97c2e8d61fc810d4e79705bebdc4a66
                        • Instruction Fuzzy Hash: 2A82F8A1E09A4285EA569B31D990AB833E5BF68B80F44CC35DA4FD77B9DF3CE4419700
                        APIs
                          • Part of subcall function 00007FFB0BE35E20: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFB0BE03956,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FFB0BE35E2F
                          • Part of subcall function 00007FFB0BE519FC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C08), ref: 00007FFB0BE51A16
                          • Part of subcall function 00007FFB0BE21EBC: localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E2B8), ref: 00007FFB0BE21EFE
                          • Part of subcall function 00007FFB0BE21EBC: _Getvals.LIBCPMT ref: 00007FFB0BE21F3B
                        • _W_Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F), ref: 00007FFB0BE2435C
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F), ref: 00007FFB0BE24371
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F), ref: 00007FFB0BE24388
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$GettnamesGetvals_lock_localeslocaleconvmalloc
                        • String ID:
                        • API String ID: 4046447902-0
                        • Opcode ID: f2f3f1974034b632392e58382a41cee38905e9dda40b8f4f54091a765f7d7881
                        • Instruction ID: 56efefe29d44e98c899ca7e21419fe8846bb1e1bc33c5ddb20fac83751c7a129
                        • Opcode Fuzzy Hash: f2f3f1974034b632392e58382a41cee38905e9dda40b8f4f54091a765f7d7881
                        • Instruction Fuzzy Hash: F882F9B2A09E4295EB569B31D891AB833E1BF68780F58CC35DA4FD67B5DE3CE4418700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: FormatInfoLocaleMessage
                        • String ID: !x-sys-default-locale
                        • API String ID: 4235545615-2729719199
                        • Opcode ID: 5da859e977af74afa8353f9a6c5f78e49b3ee79ef77f832fd984a175f1757dbc
                        • Instruction ID: eba430d1c366dc78cfbfe0cccfc5a4a9e49480800d8e4f0bb7f85692ddb93c0e
                        • Opcode Fuzzy Hash: 5da859e977af74afa8353f9a6c5f78e49b3ee79ef77f832fd984a175f1757dbc
                        • Instruction Fuzzy Hash: E80188B2B0878682E7118B21F450FBA67A1FB98794F14C835DA4A97AB8CF3CD945C701
                        APIs
                          • Part of subcall function 00007FFB0BE30B70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE30C72
                          • Part of subcall function 00007FFB0BE35E20: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFB0BE03956,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FFB0BE35E2F
                        • _Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00007FFB0BE0F637,?,?,?,?,?,?,?,00007FFB0BE0EFD7), ref: 00007FFB0BE333AD
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00007FFB0BE0F637,?,?,?,?,?,?,?,00007FFB0BE0EFD7), ref: 00007FFB0BE333C2
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00007FFB0BE0F637,?,?,?,?,?,?,?,00007FFB0BE0EFD7), ref: 00007FFB0BE333D0
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$Gettnames_invalid_parameter_noinfo_noreturn_lock_locales
                        • String ID:
                        • API String ID: 962949324-0
                        • Opcode ID: f25dd3cee0831ed637a5f1edeb875f60e26aedcff1ec95318f3061ef880ce194
                        • Instruction ID: 4928d1fa4b21c90702840302a55c8a02da3e269452b48e0a704428e23308c18c
                        • Opcode Fuzzy Hash: f25dd3cee0831ed637a5f1edeb875f60e26aedcff1ec95318f3061ef880ce194
                        • Instruction Fuzzy Hash: C6322CA2E09A0285FA669B31D854EB827E1BF54B80F44CC35EA4FD77B5DE3CE4468344
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: ExitSleepWindowssystem
                        • String ID:
                        • API String ID: 3115885430-0
                        • Opcode ID: 3eef6b44d012a9c9887f9b66e6c106343d5facfd7f7b84c1613286bd6bd6dffb
                        • Instruction ID: 82f6d464d9f2dd862bcaa64a23cc71274554b69b7c878863f65f4febca61e0a5
                        • Opcode Fuzzy Hash: 3eef6b44d012a9c9887f9b66e6c106343d5facfd7f7b84c1613286bd6bd6dffb
                        • Instruction Fuzzy Hash: 21021AE2E5D58656D625CB38D504EBCBB62DBA0754B948231C60F43FE4DB7CAA0BD700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: CloseControlCreateDeviceFileHandle
                        • String ID:
                        • API String ID: 33631002-0
                        • Opcode ID: 7e4326d0cb8ab6165276b0dfc03d5ecc184c9d46b0946080999b3fa238a75c48
                        • Instruction ID: 8faf76a5aa641409393c635f1b50fc4137bc0a0a965bba7ca16f97fb4246298d
                        • Opcode Fuzzy Hash: 7e4326d0cb8ab6165276b0dfc03d5ecc184c9d46b0946080999b3fa238a75c48
                        • Instruction Fuzzy Hash: 3CA1F7B2A2E28586EB21CB24D540FE8BB51E791714F988235D75F47BA4CBBDD90AC700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: DiskFreeSpace_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 2170103895-0
                        • Opcode ID: eca9dd593ec568272995e89b02f1bee97cb2e4dc35f07cd198b2e2c2bbf21cac
                        • Instruction ID: 9a2e78ff34889eba383dbc691dfb0ac6395f07ca873c64e5c059aee5668a9f14
                        • Opcode Fuzzy Hash: eca9dd593ec568272995e89b02f1bee97cb2e4dc35f07cd198b2e2c2bbf21cac
                        • Instruction Fuzzy Hash: D6417CA2F14B4588FB008BB5D440AEC37B1FB58BA8F549635CE5E63AA9DF38D091C350
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: InfoLocale___lc_locale_name_func
                        • String ID:
                        • API String ID: 3366915261-0
                        • Opcode ID: 36070760c2a1bd6d8ebcc2fcb2fece1e23610b0ed56ea6f9fbc3a67b73d02466
                        • Instruction ID: e46d2112c36059b562753d438d580e7d1b287d36ab987bf3e1f96e73713738bd
                        • Opcode Fuzzy Hash: 36070760c2a1bd6d8ebcc2fcb2fece1e23610b0ed56ea6f9fbc3a67b73d02466
                        • Instruction Fuzzy Hash: 63F01CB2D2C582C6E3A85F38DA59F393260FB59701F54C936E64FC26B4CEACE5448741
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE16A5E
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 3668304517-0
                        • Opcode ID: 94f092b16d2eb3a0eb609777faae6eb5c2aafffb1496bc8599bc75774d026947
                        • Instruction ID: 7c5967b5efd3f3375321a9ca7ed466e063359c0a7af9f9c4d7ebfec3e5da989c
                        • Opcode Fuzzy Hash: 94f092b16d2eb3a0eb609777faae6eb5c2aafffb1496bc8599bc75774d026947
                        • Instruction Fuzzy Hash: CAA18FB2F0969689EB108BB5D850ABC37A1BB55B98F64C835DE4F577B4DF28E481C300
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE16706
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 3668304517-0
                        • Opcode ID: 6116495a999ca1ed43dc29054852b349c2c394fe869f6dfb99c9c0e5321e57bb
                        • Instruction ID: e96b8bfc22a608a6f81481c1e78ab8fb13778775f28cc99a646a8433fb8f2ed4
                        • Opcode Fuzzy Hash: 6116495a999ca1ed43dc29054852b349c2c394fe869f6dfb99c9c0e5321e57bb
                        • Instruction Fuzzy Hash: D8A1AFB2F086968AEB108B71D850ABC37A5BB55B98F64C835DE0E577B4DF38E481C310
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE163C7
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 3668304517-0
                        • Opcode ID: 120d7cfc8fa4f40cd521fca7308292d94c36487774ba7b70247d37d38ea9f4b0
                        • Instruction ID: 591ef4635cfe02e1a7afea885d5b1406ebd71aff2ad6b24bd547bbbf0ed8d006
                        • Opcode Fuzzy Hash: 120d7cfc8fa4f40cd521fca7308292d94c36487774ba7b70247d37d38ea9f4b0
                        • Instruction Fuzzy Hash: 63A19CA2B086918AFB108B75D950ABD2BB1BB45B98F648C35CE5F577B9CF2CE445C300
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0BE0BAD7
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 3668304517-0
                        • Opcode ID: 96f14b8dfb5a83fd7e9a6735aa4e397149ce2cdea82112965a7e9ab607ff54b2
                        • Instruction ID: 5acf834966390eb4d9476c314e6628fb20c81f0eb75fc46f22c3b4820eb8f287
                        • Opcode Fuzzy Hash: 96f14b8dfb5a83fd7e9a6735aa4e397149ce2cdea82112965a7e9ab607ff54b2
                        • Instruction Fuzzy Hash: 49A1B2A2A186918AFF108B75D590ABC3BB1FB05B98F548935CE5F977A5CF2CE485C300
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _lock_locales
                        • String ID:
                        • API String ID: 3756862740-0
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361248172.00007FF7EF911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EF910000, based on PE: true
                        • Associated: 00000004.00000002.1361229508.00007FF7EF910000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361275935.00007FF7EF913000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361295545.00007FF7EF915000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000004.00000002.1361312456.00007FF7EF918000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ff7ef910000_update.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                        • API String ID: 2943138195-1482988683
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+$Replicator::operator[]
                        • String ID: `anonymous namespace'
                        • API String ID: 3863519203-3062148218
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: NameName::$Name::operator+atolswprintf_s
                        • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                        • API String ID: 2331677841-2441609178
                        APIs
                        • ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA4642
                        • ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA4657
                        • ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA466C
                        • ?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA46AD
                        • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA46CC
                        • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA46DF
                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA46EB
                        • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA472A
                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA4739
                        • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA4753
                        • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA4766
                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA4772
                        • ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA47B6
                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,00000000,?,?,?,2166333925707B38,00007FFB0BFA3F98), ref: 00007FFB0BFA47DF
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: U?$char_traits@$D@std@@@std@@$?width@ios_base@std@@$?rdbuf@?$basic_ios@D@std@@@2@V?$basic_streambuf@$?fill@?$basic_ios@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?setstate@?$basic_ios@?sputn@?$basic_streambuf@
                        • String ID:
                        • API String ID: 4125389999-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID:
                        • API String ID: 2943138195-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString
                        • String ID:
                        • API String ID: 3420081407-0
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                        • String ID: csm$csm$csm
                        • API String ID: 4223619315-393685449
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Replicator::operator[]
                        • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                        • API String ID: 3676697650-3207858774
                        APIs
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE1E90E), ref: 00007FFB0BE16E53
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE1E90E), ref: 00007FFB0BE16E73
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE16E8D
                        • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE1E90E), ref: 00007FFB0BE16E96
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE1E90E), ref: 00007FFB0BE16EB6
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE16ED0
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE16EE5
                          • Part of subcall function 00007FFB0BE04EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F12
                          • Part of subcall function 00007FFB0BE04EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F38
                          • Part of subcall function 00007FFB0BE04EF0: memmove.VCRUNTIME140(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F50
                        Strings
                        • :AM:am:PM:pm, xrefs: 00007FFB0BE16EDE
                        • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0BE16E7D
                        • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0BE16EC0
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                        • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                        • API String ID: 269533641-35662545
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ByteCharMultiStringWide$freemalloc$__strncnt
                        • String ID:
                        • API String ID: 1733283546-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID:
                        • API String ID: 2943138195-0
                        • Opcode ID: 374c7b4445af7e25337ba4d0cee41d0a88a1d907b97d00518b00ac12b1785505
                        • Instruction ID: 6c62fa0391ef51238beaaca1ba97ac5b51b7e75c37d75b7155c7977f83197530
                        • Opcode Fuzzy Hash: 374c7b4445af7e25337ba4d0cee41d0a88a1d907b97d00518b00ac12b1785505
                        • Instruction Fuzzy Hash: 167138F2B04F469DEB11DF74E4599EC23B2EB04B9CB604431DA0D67A99DE38D619C390
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2003779279-1866435925
                        • Opcode ID: 9683fe5ecf1d363253f1b605d1cd2dc95da79829f3f3562ae287b3f8f65d6833
                        • Instruction ID: 424e3cd33aaec0d26a18ef0e95946b9bcd50daebe3296692a12d9a3dd5a524b2
                        • Opcode Fuzzy Hash: 9683fe5ecf1d363253f1b605d1cd2dc95da79829f3f3562ae287b3f8f65d6833
                        • Instruction Fuzzy Hash: 8491A3A2A18A4685EF28CB25D451BB92761FB44F84F44C836DA4F877B5DF2DD846C340
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                        • API String ID: 2943138195-1464470183
                        • Opcode ID: 51d946b78c79f4e17bb7b1de47df1de08bef63135b59b13d9939b22af4cdf764
                        • Instruction ID: 5586079b81309a5f130eed98256df50333f976f01f5cab5c9c95411521b85377
                        • Opcode Fuzzy Hash: 51d946b78c79f4e17bb7b1de47df1de08bef63135b59b13d9939b22af4cdf764
                        • Instruction Fuzzy Hash: 4B514AF2E08F1689FB11CBB4F8899EC27B2BB04364F701135DA4D56A58DF39A556D700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Xp_setw$Xp_setn$Xp_addx$isspaceisxdigit
                        • String ID:
                        • API String ID: 2501290797-0
                        • Opcode ID: 21da6a4f17f49cb7967e78601ae5b57348283273755f20e84b22add998b879ef
                        • Instruction ID: 65f86c5373100228912c3836a88d51c3b34f62c25358ed0b697b15f15a6e15b7
                        • Opcode Fuzzy Hash: 21da6a4f17f49cb7967e78601ae5b57348283273755f20e84b22add998b879ef
                        • Instruction Fuzzy Hash: E06194A3F085169AF710DBB1C440DFD3761BB59B48F508935DE0EA7AA5DE3CE90A8700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Xp_setw$Xp_setn$Xp_addx$iswspaceiswxdigit
                        • String ID:
                        • API String ID: 3781602613-0
                        • Opcode ID: 53210aa5814b0a8d508e44c2da40037058d9cf683dce0713d0cb7fb9d2746126
                        • Instruction ID: aad1b5096cf8144b2837770e3ec6a1f7bc4b9db7fde62d62306fc6754b8d41d9
                        • Opcode Fuzzy Hash: 53210aa5814b0a8d508e44c2da40037058d9cf683dce0713d0cb7fb9d2746126
                        • Instruction Fuzzy Hash: C26194A7F085129AF710DBB2C4419FD3761BB58B48F508935DE0FA76A6DF38E50A8700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: abort$AdjustPointermemcpy
                        • String ID:
                        • API String ID: 1935411290-0
                        • Opcode ID: aebe0f645d41f27a904c6eb73277e930433f088ab6010ad71299a227848cdf1b
                        • Instruction ID: b182d8c6ebef5051b507ef47b3b1b163d7aaeaf9a7845b620fdeec9384b1dcc2
                        • Opcode Fuzzy Hash: aebe0f645d41f27a904c6eb73277e930433f088ab6010ad71299a227848cdf1b
                        • Instruction Fuzzy Hash: 4E5153A1A0DE4281EA6DDB75D44473C62A7AFCCFA4F094679DACD06B9CEF2CE4419310
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                        • String ID: csm$csm$csm
                        • API String ID: 211107550-393685449
                        • Opcode ID: f08a6160a870c66b307bcb88c6cb9ab2db23fad1165b2d4216fdaba5ff46f998
                        • Instruction ID: 8f12955f99bc761edc9befe3cd879d54f460284b11db514195efd2c831c94e63
                        • Opcode Fuzzy Hash: f08a6160a870c66b307bcb88c6cb9ab2db23fad1165b2d4216fdaba5ff46f998
                        • Instruction Fuzzy Hash: BDE1D5B2908A818AE7159F75D4803BD37A2FB99768F150239DECD5775AEF38E481C700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                        • String ID: csm$csm$csm
                        • API String ID: 211107550-393685449
                        • Opcode ID: 2d839ff92fc702e036e90624670e50b4b038d53a36dae6cd485ed0c05d9b95aa
                        • Instruction ID: afa2b6edac56bf0255f579339566c5da3b3b144b8255751f0138194c9ac9e253
                        • Opcode Fuzzy Hash: 2d839ff92fc702e036e90624670e50b4b038d53a36dae6cd485ed0c05d9b95aa
                        • Instruction Fuzzy Hash: 81E18FF2908B818AE7509F74E4896ED7BB2FB45B68F340135DA8C47655CF38E585CB00
                        APIs
                        • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFB0BE1005B), ref: 00007FFB0BE3892D
                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFB0BE1005B), ref: 00007FFB0BE389CB
                        • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFB0BE1005B), ref: 00007FFB0BE389DD
                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFB0BE1005B), ref: 00007FFB0BE38A18
                        • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFB0BE1005B), ref: 00007FFB0BE38A26
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FFB0BE1005B), ref: 00007FFB0BE38AA6
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: memchrtolower$_errnoisspace
                        • String ID: 0$0123456789abcdefghijklmnopqrstuvwxyz
                        • API String ID: 3508154992-2692187688
                        • Opcode ID: c4eb95e7717bfe049bc9e30e3fb653c2c0825339a0103deeba7df756b235c598
                        • Instruction ID: d094b62438f974fb4dedd91d2820c94d62bbd865d969c7684c62c35189c4b62e
                        • Opcode Fuzzy Hash: c4eb95e7717bfe049bc9e30e3fb653c2c0825339a0103deeba7df756b235c598
                        • Instruction Fuzzy Hash: A3510893A0C6C645EB618F30D418B7967A07B45F90F48D931ED9F873A5DE3CA8438301
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                        • API String ID: 2943138195-2239912363
                        • Opcode ID: ea02cf8ce8bf4896aceb1c373d4fd9d14f74077d5493258d274ba5c53a618762
                        • Instruction ID: 0d35ed2fa860f9fb4d80ceac7783188962fbf08f3fea389b507957f9390b5d67
                        • Opcode Fuzzy Hash: ea02cf8ce8bf4896aceb1c373d4fd9d14f74077d5493258d274ba5c53a618762
                        • Instruction Fuzzy Hash: 105104F2E18F5588FB118B70F849AE836B2BB08768F744136DA4D12A95DF7CA1548714
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrow$std::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 1099746521-1866435925
                        • Opcode ID: 3f90ff220a0d5ba7b9ed87cdd8d76cee1756ef03fcb66314c37f7537eac797d0
                        • Instruction ID: 8e002c6db083697ff260b258dbdcaad31cac77e62f5257a1a1ec2735883e1da7
                        • Opcode Fuzzy Hash: 3f90ff220a0d5ba7b9ed87cdd8d76cee1756ef03fcb66314c37f7537eac797d0
                        • Instruction Fuzzy Hash: 3121AED1A2850699EE149B20E482FF91321EF94344F98CC35D64FC25BAEF2DEA99C341
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: AddressProc$HandleModule
                        • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                        • API String ID: 667068680-1247241052
                        • Opcode ID: adf4213de8606483d3efac82db9710855be8762a76baa7a997fdbecebdc71b0d
                        • Instruction ID: fdf97d9bf2242cbb84acad4df079bbd4b352ae2b7528e09c05cbc96c55875309
                        • Opcode Fuzzy Hash: adf4213de8606483d3efac82db9710855be8762a76baa7a997fdbecebdc71b0d
                        • Instruction Fuzzy Hash: 4EF062E4A09A0382EA049B71E854D6523A4BF58796FA4D935C81F87339EE7CA1998350
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2003779279-1866435925
                        • Opcode ID: d32f189367028e5cdde9405d25fc529d58a856820c390070d5beeb915c714ccc
                        • Instruction ID: b85f19a2f99b81e7003be11fb98c0f4beb1631d9db2dcc87acd0071b41c4e9af
                        • Opcode Fuzzy Hash: d32f189367028e5cdde9405d25fc529d58a856820c390070d5beeb915c714ccc
                        • Instruction Fuzzy Hash: B1619FA2A09A4585EB68CF25D491BB92760FF84F84F44C836CA4F837B9CF2DE446C341
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                        • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                        • API String ID: 1852475696-928371585
                        • Opcode ID: 28c61b586168f291ea3da12388abcaf5ca085dd19308925c811ceb375cbad7b4
                        • Instruction ID: b303a0b85abc1bc93580005401aed3e8879c22f485ddb2a7bd50ad84ff2a65f2
                        • Opcode Fuzzy Hash: 28c61b586168f291ea3da12388abcaf5ca085dd19308925c811ceb375cbad7b4
                        • Instruction Fuzzy Hash: 6C5190E2609F4682EA60DB70F8A89F97372FB44BA4F704535DA4E07A65DE3CE105D700
                        APIs
                        • std::ios_base::failure::failure.LIBCPMT ref: 00007FFB0BE48B03
                        • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFB0BE3AB84), ref: 00007FFB0BE48B14
                        • std::ios_base::failure::failure.LIBCPMT ref: 00007FFB0BE48B57
                        • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFB0BE3AB84), ref: 00007FFB0BE48B68
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2003779279-1866435925
                        • Opcode ID: 495d6bd3cdc3f56359a1158ef11b9f6cc3e083b47c91db06cb9b62f7985930ad
                        • Instruction ID: 50057404697dd454a03956bab457c5e76992a2944c412d1f424e3340900c8983
                        • Opcode Fuzzy Hash: 495d6bd3cdc3f56359a1158ef11b9f6cc3e083b47c91db06cb9b62f7985930ad
                        • Instruction Fuzzy Hash: 5E6192A2A08A4585EB68CF29D491BB92760FB84F84F44C936DA4F877B5DF7CD449C340
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: memchrtolower$_errnoisspace
                        • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                        • API String ID: 3508154992-4256519037
                        • Opcode ID: d857bbab0a05a34ef21721403163653e57d835ca7b8e7b3a215c1e954870a4b5
                        • Instruction ID: 765992a4fc6c8b764b6a6f4f47ed2adb8e14c5597d7e29085426f37d18b01bbc
                        • Opcode Fuzzy Hash: d857bbab0a05a34ef21721403163653e57d835ca7b8e7b3a215c1e954870a4b5
                        • Instruction Fuzzy Hash: BA51D6A7A1C68646E7618A35D818B797B91BF94F94F488934ED9FC33A4DE3CE4428700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2003779279-1866435925
                        • Opcode ID: e0c8c7c3db13bda117808125c9f4d8b899fe4ac307ba0d60ac1330275e193daf
                        • Instruction ID: cf1ee885e69b381253a1730f4831e8019d60617f0b57dce65b561203852e2a61
                        • Opcode Fuzzy Hash: e0c8c7c3db13bda117808125c9f4d8b899fe4ac307ba0d60ac1330275e193daf
                        • Instruction Fuzzy Hash: 6C5193A2A28A4685EF10CB39D480A6D7360FF84B85F64C931DA4E837B9DF3DD985C740
                        APIs
                        • LoadLibraryExW.KERNEL32(?,?,?,00007FFB1D893777,?,?,00000000,00007FFB1D8935A8,?,?,?,?,00007FFB1D893319), ref: 00007FFB1D89363D
                        • GetLastError.KERNEL32(?,?,?,00007FFB1D893777,?,?,00000000,00007FFB1D8935A8,?,?,?,?,00007FFB1D893319), ref: 00007FFB1D89364B
                        • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB1D893777,?,?,00000000,00007FFB1D8935A8,?,?,?,?,00007FFB1D893319), ref: 00007FFB1D893664
                        • LoadLibraryExW.KERNEL32(?,?,?,00007FFB1D893777,?,?,00000000,00007FFB1D8935A8,?,?,?,?,00007FFB1D893319), ref: 00007FFB1D893676
                        • FreeLibrary.KERNEL32(?,?,?,00007FFB1D893777,?,?,00000000,00007FFB1D8935A8,?,?,?,?,00007FFB1D893319), ref: 00007FFB1D8936BC
                        • GetProcAddress.KERNEL32(?,?,?,00007FFB1D893777,?,?,00000000,00007FFB1D8935A8,?,?,?,?,00007FFB1D893319), ref: 00007FFB1D8936C8
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                        • String ID: api-ms-
                        • API String ID: 916704608-2084034818
                        • Opcode ID: cf5019d4659be4cdeff9ec28b9b2da129224bb91f5b965e621d510b94666e210
                        • Instruction ID: 367f2e11855c17d10f7c6d42e2abe72669d6e1838cecc012bd440400249af3bf
                        • Opcode Fuzzy Hash: cf5019d4659be4cdeff9ec28b9b2da129224bb91f5b965e621d510b94666e210
                        • Instruction Fuzzy Hash: 1431D261B1AE0291EE2ADB22E8007762395BF8CBB0F595535DD9E07398FE3CE4498710
                        APIs
                        • LoadLibraryExW.KERNEL32(?,?,?,00007FFB1C376D1B,?,?,00000000,00007FFB1C376B4C,?,?,?,?,00007FFB1C376885), ref: 00007FFB1C376BE1
                        • GetLastError.KERNEL32(?,?,?,00007FFB1C376D1B,?,?,00000000,00007FFB1C376B4C,?,?,?,?,00007FFB1C376885), ref: 00007FFB1C376BEF
                        • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB1C376D1B,?,?,00000000,00007FFB1C376B4C,?,?,?,?,00007FFB1C376885), ref: 00007FFB1C376C08
                        • LoadLibraryExW.KERNEL32(?,?,?,00007FFB1C376D1B,?,?,00000000,00007FFB1C376B4C,?,?,?,?,00007FFB1C376885), ref: 00007FFB1C376C1A
                        • FreeLibrary.KERNEL32(?,?,?,00007FFB1C376D1B,?,?,00000000,00007FFB1C376B4C,?,?,?,?,00007FFB1C376885), ref: 00007FFB1C376C60
                        • GetProcAddress.KERNEL32(?,?,?,00007FFB1C376D1B,?,?,00000000,00007FFB1C376B4C,?,?,?,?,00007FFB1C376885), ref: 00007FFB1C376C6C
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                        • String ID: api-ms-
                        • API String ID: 916704608-2084034818
                        APIs
                          • Part of subcall function 00007FFB0BFA4188: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFB0BFA41B4
                          • Part of subcall function 00007FFB0BFA4188: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFB0BFA41D8
                        • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z.MSVCP140 ref: 00007FFB0BFA3F01
                        • ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FFB0BFA3F11
                        • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z.MSVCP140 ref: 00007FFB0BFA3F2F
                        • ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z.MSVCP140 ref: 00007FFB0BFA3F61
                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FFB0BFA3FA2
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: U?$char_traits@$D@std@@@std@@$?seekg@?$basic_istream@V01@V12@_$??0?$basic_ios@??0?$basic_istream@??6?$basic_ostream@?read@?$basic_istream@?tellg@?$basic_istream@D@std@@@1@_Mbstatet@@@2@V01@@V12@V?$basic_streambuf@V?$fpos@
                        • String ID: Failed to open file$bin
                        • API String ID: 1211816364-2428805354
                        APIs
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE2FFB7
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE2FFD7
                        • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE2FFFA
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE3001A
                          • Part of subcall function 00007FFB0BE04EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F12
                          • Part of subcall function 00007FFB0BE04EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F38
                          • Part of subcall function 00007FFB0BE04EF0: memmove.VCRUNTIME140(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F50
                        Strings
                        • :AM:am:PM:pm, xrefs: 00007FFB0BE30042
                        • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0BE2FFE1
                        • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0BE30024
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                        • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                        • API String ID: 2607222871-35662545
                        APIs
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE16F52
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE16F72
                        • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE16F90
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE16FB0
                          • Part of subcall function 00007FFB0BE04F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04F99
                          • Part of subcall function 00007FFB0BE04F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04FC8
                          • Part of subcall function 00007FFB0BE04F70: memmove.VCRUNTIME140(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04FDF
                        Strings
                        • :AM:am:PM:pm, xrefs: 00007FFB0BE16FCA
                        • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFB0BE16FBA
                        • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0BE16F7C
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                        • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                        • API String ID: 2607222871-3743323925
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abort$AdjustPointer
                        • String ID:
                        • API String ID: 1501936508-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abort$AdjustPointer
                        • String ID:
                        • API String ID: 1501936508-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: U?$char_traits@$D@std@@@std@@$Tempmemcpy$??0?$basic_streambuf@??0ios_base@std@@??1ios_base@std@@?fail@ios_base@std@@?init@?$basic_ios@?write@?$basic_ostream@D@std@@@2@_FileNamePathV12@V?$basic_streambuf@strlen
                        • String ID:
                        • API String ID: 3953574764-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnmemsetstrcspn$localeconv
                        • String ID:
                        • API String ID: 4135771353-0
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: FileHeader_local_unwind
                        • String ID: MOC$RCC$csm$csm
                        • API String ID: 2627209546-1441736206
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: {for
                        • API String ID: 2943138195-864106941
                        APIs
                        • memmove.VCRUNTIME140(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0DFD0
                        • memset.VCRUNTIME140(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0DFE0
                        • memmove.VCRUNTIME140(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0DFF5
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0E029
                        • memmove.VCRUNTIME140(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0E033
                        • memset.VCRUNTIME140(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0E043
                        • memmove.VCRUNTIME140(?,00000000,?,00007FFB0BE114FF,?,?,?,?,00000000,00007FFB0BE0B771), ref: 00007FFB0BE0E053
                          • Part of subcall function 00007FFB0BE519FC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C08), ref: 00007FFB0BE51A16
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: memmove$memset$_invalid_parameter_noinfo_noreturnmalloc
                        • String ID:
                        • API String ID: 1468981775-0
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowsetvbufstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2924853686-1866435925
                        APIs
                        • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0BE22032
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE220AB
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE220C1
                        • _Getvals.LIBCPMT ref: 00007FFB0BE22166
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Maklocstr$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                        • String ID: false$true
                        • API String ID: 2626534690-2658103896
                        APIs
                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,00000000,?,?,?,00007FFB0BFA0A38,?,?,?,?,2166333925707B38,?), ref: 00007FFB0BFA07B0
                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,00000000,?,?,?,00007FFB0BFA0A38,?,?,?,?,2166333925707B38,?), ref: 00007FFB0BFA07D6
                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,?,00007FFB0BFA0A38,?,?,?,?,2166333925707B38,?), ref: 00007FFB0BFA07F8
                        • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,?,00007FFB0BFA0A38,?,?,?,?,2166333925707B38,?), ref: 00007FFB0BFA081E
                        • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,00000000,?,?,?,00007FFB0BFA0A38,?,?,?,?,2166333925707B38,?), ref: 00007FFB0BFA0845
                        • std::_Facet_Register.LIBCPMT ref: 00007FFB0BFA0859
                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,?,00007FFB0BFA0A38,?,?,?,?,2166333925707B38,?), ref: 00007FFB0BFA0877
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: Lockit@std@@$??0_??1_$Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
                        • String ID:
                        • API String ID: 2592695469-0
                        APIs
                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC10
                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC36
                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC58
                        • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CC7E
                        • ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CCA5
                        • std::_Facet_Register.LIBCPMT ref: 00007FFB0BF4CCB9
                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,00000201,?,00007FFB0BF340AA,?,?,00007FFB0BF254B3), ref: 00007FFB0BF4CCD7
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: Lockit@std@@$??0_??1_$Facet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@RegisterV42@@Vfacet@locale@2@W@std@@std::_
                        • String ID:
                        • API String ID: 4282147145-0
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        Similarity
                        • API ID: NameName::atol
                        • String ID: `template-parameter$void
                        • API String ID: 2130343216-4057429177
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        Similarity
                        • API ID: Name::operator+Replicator::operator[]
                        • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                        • API String ID: 1405650943-2211150622
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        Similarity
                        • API ID: Name::operator+
                        • String ID: char $int $long $short $unsigned
                        • API String ID: 2943138195-3894466517
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32memsetwcscmp
                        • String ID:
                        • API String ID: 361602011-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Dunscale$_errno
                        • String ID:
                        • API String ID: 2900277114-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Dunscale$_errno
                        • String ID:
                        • API String ID: 2900277114-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: fgetc
                        • String ID:
                        • API String ID: 2807381905-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                        • String ID:
                        • API String ID: 3490103321-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                        • String ID:
                        • API String ID: 3490103321-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Xp_setn$Xp_addx$isspaceisxdigit
                        • String ID:
                        • API String ID: 2908567333-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: Xp_setn$Xp_addx$isspaceisxdigit
                        • String ID:
                        • API String ID: 2908567333-0
                        APIs
                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0BF24B24
                          • Part of subcall function 00007FFB0BF4CA50: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FFB0BF24B46), ref: 00007FFB0BF4CA91
                          • Part of subcall function 00007FFB0BF4CA50: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,00007FFB0BF24B46), ref: 00007FFB0BF4CAB5
                          • Part of subcall function 00007FFB0BF4CA50: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FFB0BF24B46), ref: 00007FFB0BF4CAC5
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FFB0BF24BAA
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FFB0BF24C26
                        • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFB0BF24C78
                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFB0BF24C7E
                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFB0BF24C8B
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@_U?$char_traits@_W@std@@@std@@$?clear@?$basic_ios@?flush@?$basic_ostream@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@wcslen
                        • String ID:
                        • API String ID: 2917415390-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: FileHandle$CloseCreateInformation
                        • String ID:
                        • API String ID: 1240749428-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        Similarity
                        • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                        • String ID:
                        • API String ID: 184115430-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: File$Write$Readmemcpymemset
                        • String ID:
                        • API String ID: 371399112-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        Similarity
                        • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                        • String ID:
                        • API String ID: 3741236498-0
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        Similarity
                        • API ID: File$Write$Readmemset
                        • String ID: xEHs
                        • API String ID: 4189786482-137559503
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32memsetwcscmp
                        • String ID:
                        • API String ID: 1263422760-0
                        • Opcode ID: 5c04be2f53fbfbcd9d16c4a12d10a2bb599b54139f1af2b8ac2b0b24da71b70f
                        • Instruction ID: 699b69b9599d95e00ab2b01d1a0cdaab36d56835f81f9f747bf5023a79c81b8a
                        • Opcode Fuzzy Hash: 5c04be2f53fbfbcd9d16c4a12d10a2bb599b54139f1af2b8ac2b0b24da71b70f
                        • Instruction Fuzzy Hash: 991182A1B0850282F6609772E918FB9A6557F86BE0F44C331DD6FD76E4CE7CE54AC200
                        APIs
                        • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFB0BE060A6), ref: 00007FFB0BE02F99
                        • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE060A6), ref: 00007FFB0BE02FAB
                        • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFB0BE060A6), ref: 00007FFB0BE02FBA
                        • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFB0BE060A6), ref: 00007FFB0BE03020
                        • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFB0BE060A6), ref: 00007FFB0BE0302E
                        • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FFB0BE060A6), ref: 00007FFB0BE03041
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                        • String ID:
                        • API String ID: 490008815-0
                        • Opcode ID: 107e66dceef68c19cba3e477cb3166ac5d7236672a125cea21169af1fc22d59b
                        • Instruction ID: 77e7b13d075516b29863405bab5c10573e90b81e72086b4c0be55682327aef25
                        • Opcode Fuzzy Hash: 107e66dceef68c19cba3e477cb3166ac5d7236672a125cea21169af1fc22d59b
                        • Instruction Fuzzy Hash: 3C215E62D19B8583E7018F38C50567833A0FBA9B49F15E620CF8E06226EF79F5D5C340
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: abort$CallEncodePointerTranslator
                        • String ID: MOC$RCC
                        • API String ID: 2889003569-2084237596
                        • Opcode ID: 415b55739cfe6c816ee0bf64f3aa1c118a5f5bf48e41dc984f05d79a212aa231
                        • Instruction ID: bb686a24a0d8c523dd41312b96516445b17e6519657ee738a550d551db8b45f4
                        • Opcode Fuzzy Hash: 415b55739cfe6c816ee0bf64f3aa1c118a5f5bf48e41dc984f05d79a212aa231
                        • Instruction Fuzzy Hash: FC91A2B3A08B819AE715CF75D8803AD77B1FB89798F104229EA8D17759EF38D195C700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abort$CallEncodePointerTranslator
                        • String ID: MOC$RCC
                        • API String ID: 2889003569-2084237596
                        • Opcode ID: 8f0da28b834415bf94a2588a677a7c1d22b03c176692cab6c1aa6134d6a9ba6e
                        • Instruction ID: 50ab4167c0eb897d9e5815e3b64d3ec09adfd9dc082eafd9a21f46ba812cc2c5
                        • Opcode Fuzzy Hash: 8f0da28b834415bf94a2588a677a7c1d22b03c176692cab6c1aa6134d6a9ba6e
                        • Instruction Fuzzy Hash: 3F918DF3A08B958AE7509B75E8846ED7BB1F704BA8F30412AEA8D17754DF38D195CB00
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                        • API String ID: 2943138195-757766384
                        • Opcode ID: a4b8fa5738cb077c0dd1c715c93faa489c025e3a231d02453c6ff42b09dc2204
                        • Instruction ID: c542ca8aa8e66a52c9df8072ada25adab75cbd3a4af3105f7dbcc9d5bb9d1514
                        • Opcode Fuzzy Hash: a4b8fa5738cb077c0dd1c715c93faa489c025e3a231d02453c6ff42b09dc2204
                        • Instruction Fuzzy Hash: 577159F2A08F4684FB148F34F9588F866B2BB057A4F744635DA5D52AA9DF3CE150D380
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abort$CallEncodePointerTranslator
                        • String ID: MOC$RCC
                        • API String ID: 2889003569-2084237596
                        • Opcode ID: 57666f04986205aaeb6cec4485343161f235cd4bd3cca67b34c3d672c94bd25f
                        • Instruction ID: e156ebeb48b6691c55a29a9f0df0d24a839119db7fe5259f744121cda218f650
                        • Opcode Fuzzy Hash: 57666f04986205aaeb6cec4485343161f235cd4bd3cca67b34c3d672c94bd25f
                        • Instruction Fuzzy Hash: 10616AB2A08B858AEB508F75E4857ED77B1FB49BA8F244225DE4D13B98DF38E055C700
                        APIs
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E2B8), ref: 00007FFB0BE21EFE
                          • Part of subcall function 00007FFB0BE0BCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE2FFF6,?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE0BD07
                          • Part of subcall function 00007FFB0BE0BCDC: memmove.VCRUNTIME140(?,?,00000000,00007FFB0BE2FFF6,?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE0BD23
                        • _Getvals.LIBCPMT ref: 00007FFB0BE21F3B
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemmove
                        • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                        • API String ID: 3031888307-3573081731
                        • Opcode ID: 43d7cb6c86fcbb5da0292524127ac9c93a52f3c08d6ba4ee43fe738f6773ccc9
                        • Instruction ID: 6ef7f5a9a1a6b9376aba11ff66444b3813b9831abf7079777b4a6400b067d2a3
                        • Opcode Fuzzy Hash: 43d7cb6c86fcbb5da0292524127ac9c93a52f3c08d6ba4ee43fe738f6773ccc9
                        • Instruction Fuzzy Hash: 034190B2A08B868BE724CB35C580B7D7BA0FB48B81F158625D75A93A51DF7CF561C700
                        APIs
                        • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0BE221BE
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE22237
                        • _Maklocstr.LIBCPMT ref: 00007FFB0BE2224D
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                        • String ID: false$true
                        • API String ID: 309754672-2658103896
                        • Opcode ID: 55b7f5c3dcbba11b6f0af3a8532ccc0b42c9bf1c4424f5502c43fbdbe24671fa
                        • Instruction ID: b58546c8db92f74a2b3769bd4b2371a7df05b56d87e539a1c91253f7b590293e
                        • Opcode Fuzzy Hash: 55b7f5c3dcbba11b6f0af3a8532ccc0b42c9bf1c4424f5502c43fbdbe24671fa
                        • Instruction Fuzzy Hash: D1416A63B18B4599E710CF70E4405ED33B0FB48B88B408526EE4E67B29EF38D5A5C344
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2003779279-1866435925
                        • Opcode ID: 30f8a19ad05608d569e801936d8c4b8b521464ba700c6576b76e7c3c36028168
                        • Instruction ID: 28625ed967c65ce60e7ae7dcec913f1cfaafe80febdab51bf639c6db81fa089f
                        • Opcode Fuzzy Hash: 30f8a19ad05608d569e801936d8c4b8b521464ba700c6576b76e7c3c36028168
                        • Instruction Fuzzy Hash: 3E21AFA2A2864696EE149B34E541BA92360FB54784F448831E78F876B6EF3CE5E5C340
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: CloseHandle$CreateObjectProcessSingleWait
                        • String ID: h
                        • API String ID: 2059082233-2439710439
                        • Opcode ID: 257dd1af0ab200be9724a2baba51deef08535a2208485f0075472fe9b36c9178
                        • Instruction ID: 9773e6c6a6a9fa3cc28ee55d93b8f597879264e9598c6049b88be4833fba5452
                        • Opcode Fuzzy Hash: 257dd1af0ab200be9724a2baba51deef08535a2208485f0075472fe9b36c9178
                        • Instruction Fuzzy Hash: 56110A72908AC182E3258B28E455BEAB364FFD1754F109225EA8942A64EF7ED1D6CB40
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrowstd::ios_base::failure::failure
                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                        • API String ID: 2003779279-1866435925
                        • Opcode ID: cc233273bfa1c65513c7e67a78c24352da40431d14dba0be8c4d666a4457c28a
                        • Instruction ID: d27698529ce59875352899c78506f83d91a47451c36438ecbfe16ddc6fd982b4
                        • Opcode Fuzzy Hash: cc233273bfa1c65513c7e67a78c24352da40431d14dba0be8c4d666a4457c28a
                        • Instruction Fuzzy Hash: 71F0A2A1A2850686EE54CB20D841EE52321EB90744F948C31D24F865B9DF3DE586C381
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                        • String ID:
                        • API String ID: 1326169664-0
                        • Opcode ID: eab38580ea290c77ceb2d98c0e29cea7fa803fa9bac279bfc6bf22addd717eee
                        • Instruction ID: ad67faa07c99cf1b41163094d36199c183e178c3e9c5569c15066628d80b5b55
                        • Opcode Fuzzy Hash: eab38580ea290c77ceb2d98c0e29cea7fa803fa9bac279bfc6bf22addd717eee
                        • Instruction Fuzzy Hash: ECD16072B18B458AEB10CB75D540AAC73B1FB98B88F508936DE4E97B69DF38E445C340
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                        • String ID:
                        • API String ID: 1326169664-0
                        • Opcode ID: b7ad8d1a14d3e280bfd2c9fee2ac01e34bfd42449dc3e592b0acd9d047312318
                        • Instruction ID: 665dbfa7d8d976f7eb182555f3ef208dfe9bafce3dca99bf167dd87180f952a9
                        • Opcode Fuzzy Hash: b7ad8d1a14d3e280bfd2c9fee2ac01e34bfd42449dc3e592b0acd9d047312318
                        • Instruction Fuzzy Hash: 53D170B2B14B4586EB10CF75D540AAC23B1FB98B94F508936DE5E57768DF38E445C340
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: fgetwc
                        • String ID:
                        • API String ID: 2948136663-0
                        • Opcode ID: 665dac064206fc39fcc1b160602d8f3236a7480ff3dc4ecc992ecfcf07001616
                        • Instruction ID: 16f5883231ad5cfd9027e29dcf6182babae539090d06f205d8e48ce1ae2db396
                        • Opcode Fuzzy Hash: 665dac064206fc39fcc1b160602d8f3236a7480ff3dc4ecc992ecfcf07001616
                        • Instruction Fuzzy Hash: 96914BB3605A8199DB208F35C494AAC33B1FB58B48F559A32EA5E87BA8DF39D454C700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: memmovememset$_invalid_parameter_noinfo_noreturnmalloc
                        • String ID:
                        • API String ID: 3042321802-0
                        • Opcode ID: 2cca2d057d58f30d9e5f533c0aaedd69a1ab40bdc540b93ef6d119afabb443f8
                        • Instruction ID: 2dc16018a224fa4c06a7288533170aa2d3b3b4591dcb80e5cf7425a83520d2f2
                        • Opcode Fuzzy Hash: 2cca2d057d58f30d9e5f533c0aaedd69a1ab40bdc540b93ef6d119afabb443f8
                        • Instruction Fuzzy Hash: 3831F8A1B1868681EE049B76D904B7A6355FB18BD4F54C931DF5E4BBAACE7CE0C28300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: NameName::$Name::operator+
                        • String ID:
                        • API String ID: 826178784-0
                        • Opcode ID: 1d3f62f49c0834609423dd0bd46333a683c0de2f358683d99f687fb4e9606eea
                        • Instruction ID: 0c53b2cae4940465e6b7fc1f014982fdbd6b05ee3962b8f1ffef872b9f0590b4
                        • Opcode Fuzzy Hash: 1d3f62f49c0834609423dd0bd46333a683c0de2f358683d99f687fb4e9606eea
                        • Instruction Fuzzy Hash: EF418CF2A08F4694E711CB70E8598F827B6BB15BA4B745031DA5D137A1DF39E412E300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: strstr$_strdupfreetolower
                        • String ID:
                        • API String ID: 2199777400-0
                        • Opcode ID: e3f29d522606988901fec7a11cee130deea1ef16aed4ab042a9d869c9b490bfe
                        • Instruction ID: 80b69c704e25678ed9711bd16d10729827489728a8e0b486fbd771bdf3e36f73
                        • Opcode Fuzzy Hash: e3f29d522606988901fec7a11cee130deea1ef16aed4ab042a9d869c9b490bfe
                        • Instruction Fuzzy Hash: CA21C6E2E0A50180FE544B32D5419B83792AF59BC0F48E431DF8F877A1DFACE8958300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ConditionSleepVariablesys_get_time$abort
                        • String ID:
                        • API String ID: 312482523-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ErrorFileHandleLast$CloseCreateInformation
                        • String ID:
                        • API String ID: 1345328482-0
                        APIs
                          • Part of subcall function 00007FFB0BE11820: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FFB0BE04DCE,?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE1182F
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE04DD7
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE04DEB
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE04DFF
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE04E13
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE04E27
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE05C6B), ref: 00007FFB0BE04E3B
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$setlocale
                        • String ID:
                        • API String ID: 294139027-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __acrt_iob_func$abortfputcfputs
                        • String ID:
                        • API String ID: 2697642930-0
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB0BF4C947,?,?,?,?,?,?,?), ref: 00007FFB0BF4C73F
                        • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FFB0BF4C75B
                          • Part of subcall function 00007FFB0BFA3778: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BFA3BD3,?,?,000002A7D9771040,00007FFB0BF4CCBE,?,?,?,?,?,00000000,?,00000201), ref: 00007FFB0BFA3792
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: Xlength_error@std@@_invalid_parameter_noinfo_noreturnmalloc
                        • String ID: string too long
                        • API String ID: 2405436290-2556327735
                        APIs
                          • Part of subcall function 00007FFB1D8934FC: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFB1D891222), ref: 00007FFB1D89353C
                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1D89222F
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: abort
                        • String ID: $csm$csm
                        • API String ID: 4206212132-1512788406
                        APIs
                          • Part of subcall function 00007FFB1C3769C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB1C3725CE), ref: 00007FFB1C3769CE
                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1C374407
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abort
                        • String ID: $csm$csm
                        • API String ID: 4206212132-1512788406
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnmemcpystrlen
                        • String ID: 92?;%;=W
                        • API String ID: 2181439248-3283404351
                        APIs
                          • Part of subcall function 00007FFB1C3769C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB1C3725CE), ref: 00007FFB1C3769CE
                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1C374157
                        • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFB1C374167
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Frameabort$EmptyHandler3::StateUnwind
                        • String ID: csm$csm
                        • API String ID: 4108983575-3733052814
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: CurrentImageNonwritableUnwind
                        • String ID: csm$f
                        • API String ID: 451473138-629598281
                        APIs
                        • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0BE37992), ref: 00007FFB0BE3857C
                        • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0BE37992), ref: 00007FFB0BE385D8
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: isspaceisxdigit
                        • String ID: (
                        • API String ID: 2593999819-3887548279
                        APIs
                        • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0BE39A82), ref: 00007FFB0BE3A475
                        • iswxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0BE39A82), ref: 00007FFB0BE3A4E0
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: iswspaceiswxdigit
                        • String ID: (
                        • API String ID: 1229460652-3887548279
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Exception$RaiseThrowabort
                        • String ID: csm
                        • API String ID: 3758033050-1018135373
                        APIs
                        • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0BE0F0C4
                        • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0BE0F0D6
                        • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0BE0F15B
                          • Part of subcall function 00007FFB0BE04EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F12
                          • Part of subcall function 00007FFB0BE04EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F38
                          • Part of subcall function 00007FFB0BE04EF0: memmove.VCRUNTIME140(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F50
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: setlocale$freemallocmemmove
                        • String ID: bad locale name
                        • API String ID: 4085402405-1405518554
                        APIs
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE30F78), ref: 00007FFB0BE32AF6
                          • Part of subcall function 00007FFB0BE0BCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE2FFF6,?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE0BD07
                          • Part of subcall function 00007FFB0BE0BCDC: memmove.VCRUNTIME140(?,?,00000000,00007FFB0BE2FFF6,?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE0BD23
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemmove
                        • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                        • API String ID: 462457024-3573081731
                        APIs
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFB0BE1E108), ref: 00007FFB0BE21DB6
                          • Part of subcall function 00007FFB0BE0BCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE2FFF6,?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE0BD07
                          • Part of subcall function 00007FFB0BE0BCDC: memmove.VCRUNTIME140(?,?,00000000,00007FFB0BE2FFF6,?,?,?,?,?,?,?,?,00000000,00007FFB0BE3113E), ref: 00007FFB0BE0BD23
                          • Part of subcall function 00007FFB0BE16C8C: _Maklocstr.LIBCPMT ref: 00007FFB0BE16CBC
                          • Part of subcall function 00007FFB0BE16C8C: _Maklocstr.LIBCPMT ref: 00007FFB0BE16CDB
                          • Part of subcall function 00007FFB0BE16C8C: _Maklocstr.LIBCPMT ref: 00007FFB0BE16CFA
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemmove
                        • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                        • API String ID: 2504686060-3573081731
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: NameName::
                        • String ID: %lf
                        • API String ID: 1333004437-2891890143
                        • Opcode ID: 5a7c290a84f6e8b1167a4a77f7bfc329acb267dd37a995d028402671466fb2be
                        • Instruction ID: 77c4a2f9b336abda77621a04849c7bc034dec1d92e5c039e059a32771e908b0c
                        • Opcode Fuzzy Hash: 5a7c290a84f6e8b1167a4a77f7bfc329acb267dd37a995d028402671466fb2be
                        • Instruction Fuzzy Hash: 0E31B2E1A08F4645E6119B31F8598F9B3B2BF59BA0B744235EA4E47791DE3CE1428704
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: FileFindNext$wcscpy_s
                        • String ID: .
                        • API String ID: 544952861-248832578
                        • Opcode ID: 8a3af598216dff21e458494619afe40eb37faadcb3b93049594c641d4f78051c
                        • Instruction ID: aa91172192be6547a6efb409f18add26362b8c539b4240c5e5065aa52fa885f8
                        • Opcode Fuzzy Hash: 8a3af598216dff21e458494619afe40eb37faadcb3b93049594c641d4f78051c
                        • Instruction Fuzzy Hash: 872187A2A2C74686EE709F35E805B7973A0FB54794F449531DA4EC36A4DF3CD4858B40
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrow$std::ios_base::failure::failure
                        • String ID: ios_base::badbit set
                        • API String ID: 1099746521-3882152299
                        • Opcode ID: 018ee0c90b73427b9024bd816620f1867f50948ceef7cf10cb4f2d2fa00001b7
                        • Instruction ID: a1b012ea408d374f7e171a452e33892fddb9e4951084a75111d1b7ae8db403da
                        • Opcode Fuzzy Hash: 018ee0c90b73427b9024bd816620f1867f50948ceef7cf10cb4f2d2fa00001b7
                        • Instruction Fuzzy Hash: AE01F2D1E3860649FE18A635D481FB91312EF80344F14CC31D60F869BADE3DE586D280
                        APIs
                          • Part of subcall function 00007FFB1D8934FC: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFB1D891222), ref: 00007FFB1D89353C
                        • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1D8912A6
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: abortterminate
                        • String ID: MOC$RCC$csm
                        • API String ID: 661698970-2671469338
                        • Opcode ID: 959f04728602a81433a0b6c3a82064beabd568bdef91fbca2d9194c842358ce4
                        • Instruction ID: e57cfe07ac032390fd7801bf0209d80b5b3e4ed9b24ba6c4767c5c8bd24fa6bd
                        • Opcode Fuzzy Hash: 959f04728602a81433a0b6c3a82064beabd568bdef91fbca2d9194c842358ce4
                        • Instruction Fuzzy Hash: 9BF0C875908E06C2D718AF70E54166C32A5EFCCB60F096175D7884335ADF3CD890C700
                        APIs
                          • Part of subcall function 00007FFB1C3769C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB1C3725CE), ref: 00007FFB1C3769CE
                        • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1C37266E
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abortterminate
                        • String ID: MOC$RCC$csm
                        • API String ID: 661698970-2671469338
                        • Opcode ID: e63037d86fd6ed08c01758bd2d278b6a49b1453d2f75febe4acf0c3d16fc865e
                        • Instruction ID: 2d9b5d4e875ddfa03f1466ed51d727799fdeb9bab308a55dfe216f69995621a3
                        • Opcode Fuzzy Hash: e63037d86fd6ed08c01758bd2d278b6a49b1453d2f75febe4acf0c3d16fc865e
                        • Instruction Fuzzy Hash: 51F08CF2908B06C1E7505B70F1884A832B1EB49B64F395171CB4802256CF7DD490DA40
                        APIs
                          • Part of subcall function 00007FFB0BFA3778: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BFA3BD3,?,?,000002A7D9771040,00007FFB0BF4CCBE,?,?,?,?,?,00000000,?,00000201), ref: 00007FFB0BFA3792
                        • memcpy.VCRUNTIME140 ref: 00007FFB0BF362FD
                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0BF3666C
                        • memcpy.VCRUNTIME140 ref: 00007FFB0BF36699
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: memcpy$mallocstrlen
                        • String ID: 92?;%;=W
                        • API String ID: 2479879881-3283404351
                        • Opcode ID: 0ad261dc0c57c5e42a74b22cedea360fe3779e034ffdd13642957861467ff078
                        • Instruction ID: 8871b589d2c46a0412989f585121be7d3f8da30c7356b1b79e6c2570ce852637
                        • Opcode Fuzzy Hash: 0ad261dc0c57c5e42a74b22cedea360fe3779e034ffdd13642957861467ff078
                        • Instruction Fuzzy Hash: 7DF13AE7F6D592B2EB208F38D504EFC6B61BB15B94B948330C61B83EA4DB2C65479300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID:
                        • API String ID: 2943138195-0
                        • Opcode ID: f8e503547d28693e7c2caa01b602f421454b5c59d39c80ab22d5e562bf931295
                        • Instruction ID: bc12fde53c6c03549722b84ff1ac6431b8663d128f9428ec191a5540b67c3f3d
                        • Opcode Fuzzy Hash: f8e503547d28693e7c2caa01b602f421454b5c59d39c80ab22d5e562bf931295
                        • Instruction Fuzzy Hash: EA9167F2E08B5288F7118BB0E849BEC27B2BB04768F745135DA4D276A5DF7CA846D340
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                        • String ID:
                        • API String ID: 2079887105-0
                        • Opcode ID: 3bf86c15d167ca1b722685e0103f86037bcff96b1b6033d51cf2d162a52a1363
                        • Instruction ID: ae589b62331486347e7ac341a2ece2f163857c785b286719e54688731cd99407
                        • Opcode Fuzzy Hash: 3bf86c15d167ca1b722685e0103f86037bcff96b1b6033d51cf2d162a52a1363
                        • Instruction Fuzzy Hash: 545108A3F18A458AF7108B75D410AFC6371EB58798F508A35DE5EA7AA9DE38E481C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                        • String ID:
                        • API String ID: 2079887105-0
                        • Opcode ID: 4f99b437fa0fc26efb7f597306d054b0727493c09407e56594237e33df4974a8
                        • Instruction ID: 563b8cb97b4c8179b78a1b63505e3af36f5cb56ba1cef3e40407c8ea39cd0823
                        • Opcode Fuzzy Hash: 4f99b437fa0fc26efb7f597306d054b0727493c09407e56594237e33df4974a8
                        • Instruction Fuzzy Hash: 845109A2F18A458AF7108B74D400AFD6371EB54798F10CA35DE5EA76B9DF3CE1818300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                        • String ID:
                        • API String ID: 2079887105-0
                        • Opcode ID: 52c0d71795aa0355fcff9baaf47f5d7e2f62005f051148905658a4c8151e0ad5
                        • Instruction ID: b9bd6bf39ec574142dbbc09d1bfef2d7265724e2b550d9a4dd8e6aa4802f7d4e
                        • Opcode Fuzzy Hash: 52c0d71795aa0355fcff9baaf47f5d7e2f62005f051148905658a4c8151e0ad5
                        • Instruction Fuzzy Hash: 32511963F18A458AFB108B74D800BFD63B1EF58798F108A35DE5EA77A8DE28E145C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                        • String ID:
                        • API String ID: 2079887105-0
                        • Opcode ID: 547e2dfa5947428b3ae18f90bf3648036323453917eb86f1641c7f5b25a5a8fe
                        • Instruction ID: 6ca095b50c9045754cc5a05cd5b4dae5a5aa62ad420725dd42e678bf20536512
                        • Opcode Fuzzy Hash: 547e2dfa5947428b3ae18f90bf3648036323453917eb86f1641c7f5b25a5a8fe
                        • Instruction Fuzzy Hash: 8B5138A2F18A458AF7108B75D441AFC73B1EF58798F049A31DE5EA7AA8DF38E045C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                        • String ID:
                        • API String ID: 2079887105-0
                        • Opcode ID: 28984f98ca58f18e21ceb63ea1433bc53d751f2c12ebce4a226b3e0a167273aa
                        • Instruction ID: 28eccef51969afcb9f5d11a5b9b146b853a45b62498c00a12bd53caf0c19d76f
                        • Opcode Fuzzy Hash: 28984f98ca58f18e21ceb63ea1433bc53d751f2c12ebce4a226b3e0a167273aa
                        • Instruction Fuzzy Hash: 0E51F8A2F18A458AF7148B75D451AFC63B1EF5C798F048B35DE5EA7AA8DF28E441C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                        • String ID:
                        • API String ID: 2079887105-0
                        • Opcode ID: 463a2c1d961d70ae2d93a223d66e599cacade6faaa673944bf5804e1b7f3acea
                        • Instruction ID: e841c12c8534e4c35071e325063f7cfebca9f6b601bdbfa1a0764ce8eb1e63d8
                        • Opcode Fuzzy Hash: 463a2c1d961d70ae2d93a223d66e599cacade6faaa673944bf5804e1b7f3acea
                        • Instruction Fuzzy Hash: E451F8A2F18A458AF7108B75D440AFC63B1EB58798F109A35DE5EA7BA8DF38E445C200
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+$NameName::
                        • String ID:
                        • API String ID: 168861036-0
                        • Opcode ID: 096c067aeb964192ba966c7c35baf04cde4b320096b69fd5cc1f53e0d293a66c
                        • Instruction ID: e422e55f8ba9a9721fccb6f7897a89586b48b104a26847be45f8c8210cf79b32
                        • Opcode Fuzzy Hash: 096c067aeb964192ba966c7c35baf04cde4b320096b69fd5cc1f53e0d293a66c
                        • Instruction Fuzzy Hash: 115177F2A18F5A88EB118F70E84ABEC37B2BB45B64F745131DA0D17695DF38A452D700
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 2016347663-0
                        • Opcode ID: 429c7b77b82fee0374b93ee0c4dfe6c600e266e95c9878b7ea233d49508b040b
                        • Instruction ID: 92081a7da268d0dc4e1d6e7d5dcc765d11bb0d17239dd81a3852de695bd0e47c
                        • Opcode Fuzzy Hash: 429c7b77b82fee0374b93ee0c4dfe6c600e266e95c9878b7ea233d49508b040b
                        • Instruction Fuzzy Hash: F841D2B5B0865691EA149B36E104A796355EB08FE4F648E31DE7E47BF9EE7CE0428300
                        APIs
                        • ??0ios_base@std@@IEAA@XZ.MSVCP140 ref: 00007FFB0BF9B99E
                        • ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140 ref: 00007FFB0BF9BA22
                        • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFB0BF9BA4B
                        • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFB0BF9BB02
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?clear@?$basic_ios@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
                        • String ID:
                        • API String ID: 1990788069-0
                        • Opcode ID: 739f3b714321b28593b837de2aa39100d12a1b4e9693b420d25f45f04d899269
                        • Instruction ID: 0e302f81aeee4c20a93499f971c1195184ee9f7b804df3a36a1627f7d8d0b37d
                        • Opcode Fuzzy Hash: 739f3b714321b28593b837de2aa39100d12a1b4e9693b420d25f45f04d899269
                        • Instruction Fuzzy Hash: CF512676611F8585DB00CF29E884BAD77A4FB58B58F66C62ACA6D43370EF39C196C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: Xp_movx$Xp_setw_errnoldexpmemmove
                        • String ID:
                        • API String ID: 2295688418-0
                        • Opcode ID: b062394a836a4e2e40923a72f0d4e26a89610e5abb20f155a36017309333d51b
                        • Instruction ID: db624770f760b7d37e8271883563436336ebd322df98f1c3eb340baa749217c6
                        • Opcode Fuzzy Hash: b062394a836a4e2e40923a72f0d4e26a89610e5abb20f155a36017309333d51b
                        • Instruction Fuzzy Hash: 8241A6A2A1CA5586F6119B39D441EB97360BF8C740F54CA31EE4F977B9DF3CE5068600
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                        • String ID:
                        • API String ID: 2234106055-0
                        • Opcode ID: 52f5abae251336afaa4017f625e478ce211e56b8126db0b55e756538effdf990
                        • Instruction ID: 83aa2228c33dabf8e6e53ed0c19d0cad6d23322a5a81a2bb15a8cac79d475b99
                        • Opcode Fuzzy Hash: 52f5abae251336afaa4017f625e478ce211e56b8126db0b55e756538effdf990
                        • Instruction Fuzzy Hash: 5C31E8A2A1C74181FB118F25E45077D6A91FB98B81F188835DA8F877A9DF3CE484C704
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                        • String ID:
                        • API String ID: 3857474680-0
                        • Opcode ID: 7376d5eefc67f6f5de30df645cb54121da78efe5e1b63549edd76ab7568d0388
                        • Instruction ID: 30a57184532781d03ce9f16e7dfd765cbcac175de69ad3deb5f111fbaf10dfad
                        • Opcode Fuzzy Hash: 7376d5eefc67f6f5de30df645cb54121da78efe5e1b63549edd76ab7568d0388
                        • Instruction Fuzzy Hash: E7311AB2A1C74141FB118B25E45077D7A91EF98B81F188835DA8F877A8DE7CE4C4C704
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+$Replicator::operator[]
                        • String ID:
                        • API String ID: 3863519203-0
                        • Opcode ID: 208b778abe9c40dc360d596873b711c1b4c9531dde43fa8ad9a0283702b0b82e
                        • Instruction ID: 0795764c0ab744f5c17a541c047e186e9919370551d48be659950aae2973675e
                        • Opcode Fuzzy Hash: 208b778abe9c40dc360d596873b711c1b4c9531dde43fa8ad9a0283702b0b82e
                        • Instruction Fuzzy Hash: AB4153F2A04B9589EB028F78E8487EC3BB2BB48B68F748425CA4D57769DF789441C750
                        APIs
                        • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,00000000,?,?,?,00007FFB0BE2CFD4), ref: 00007FFB0BE39827
                        • memmove.VCRUNTIME140(?,00000000,?,?,?,00007FFB0BE2CFD4), ref: 00007FFB0BE3984B
                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFB0BE2CFD4), ref: 00007FFB0BE39858
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFB0BE2CFD4), ref: 00007FFB0BE398CB
                          • Part of subcall function 00007FFB0BE02E70: wcsnlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0BE02E9A
                          • Part of subcall function 00007FFB0BE02E70: LCMapStringEx.KERNEL32 ref: 00007FFB0BE02EDE
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: String___lc_locale_name_funcfreemallocmemmovewcsnlen
                        • String ID:
                        • API String ID: 1076354707-0
                        • Opcode ID: c4d5e758bc47d34044bf9718e525388041ed3fd6659d0db39019bcdfe8b13b09
                        • Instruction ID: efe4805271644f2ed5ca3d5d5f66ddcf54120205485201778c735b3448c58378
                        • Opcode Fuzzy Hash: c4d5e758bc47d34044bf9718e525388041ed3fd6659d0db39019bcdfe8b13b09
                        • Instruction Fuzzy Hash: 2C21E8A6B0869185EA209F22E40496AA790FB94FE4F588A31DE5F577B5DF7CE0428700
                        APIs
                        • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38E74
                        • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38E7E
                          • Part of subcall function 00007FFB0BE02740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0BE02786
                          • Part of subcall function 00007FFB0BE02740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0BE027AB
                          • Part of subcall function 00007FFB0BE02740: GetCPInfo.KERNEL32 ref: 00007FFB0BE027EB
                        • memcmp.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38EA1
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FFB0BE33DBB), ref: 00007FFB0BE38EDF
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                        • String ID:
                        • API String ID: 3421985146-0
                        • Opcode ID: 08ab9a1cd4defa28f76ee9ac7d5f3421bd100c8117584ef399c6a0e584e041b9
                        • Instruction ID: 660177cec0862ac569d4d330ab46c01e5a78d18228e2a339a8ba06afd153eb40
                        • Opcode Fuzzy Hash: 08ab9a1cd4defa28f76ee9ac7d5f3421bd100c8117584ef399c6a0e584e041b9
                        • Instruction Fuzzy Hash: 77219572A1874286E7108F36D844529B794FB94FD0F498535EA5E93BA4CF3CE8018704
                        APIs
                        • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                        • ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                        • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                        • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                        • String ID:
                        • API String ID: 3203701943-0
                        • Opcode ID: b0a850728f27c648c27fe846aa2e7cbe59c6be2066502b5f54062314fecc5241
                        • Instruction ID: 117c42c64648dd200dad3453639b9dd15b6e8f80a5d83cac3eac295d564ac167
                        • Opcode Fuzzy Hash: b0a850728f27c648c27fe846aa2e7cbe59c6be2066502b5f54062314fecc5241
                        • Instruction Fuzzy Hash: B001E5E2E1474186DB059F7AD414938B7A0FB68F84B14C635D94F87628DB7CE0828700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: malloc
                        • String ID: MOC$RCC$csm
                        • API String ID: 2803490479-2671469338
                        • Opcode ID: 186ca9cc866d11d3281b746f5bb68b981bb96cf266041ffe99b677e9713e91bc
                        • Instruction ID: b63180ab95610a3415e1d2dd1a032a25728d9c905106ff0683ba2f4237a66472
                        • Opcode Fuzzy Hash: 186ca9cc866d11d3281b746f5bb68b981bb96cf266041ffe99b677e9713e91bc
                        • Instruction Fuzzy Hash: 4301B5A1E1820186EF655E31D158A7C63E1EF59B88F58D431CB0F876A9CE2CE4C18607
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: 7cd6a416b24dbc5e49de2362387c8759ef165b1766214851de74db2a672abbf1
                        • Instruction ID: 0438822f285df522ca6e03f5b6b27706512d23f6618c1d20f3badd56c54ff717
                        • Opcode Fuzzy Hash: 7cd6a416b24dbc5e49de2362387c8759ef165b1766214851de74db2a672abbf1
                        • Instruction Fuzzy Hash: B2111F62B14F0189EB008F70E8553B833A4FB5D768F440D31DAAD46758EF7CE1688380
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: 45c0d435f10f91d8f2172058805b4e3405f5ffe10102bb18ef7bac981fdd4318
                        • Instruction ID: 0b62b0b804850db2a552d60d755fbbe3a3daaa26f169484550ad6cc00b1048b2
                        • Opcode Fuzzy Hash: 45c0d435f10f91d8f2172058805b4e3405f5ffe10102bb18ef7bac981fdd4318
                        • Instruction Fuzzy Hash: BE111C72B14B018AEB008B70E854AB833B4F759758F445E31EA6EC77A8EF7CD1A48340
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: a30b212504c3ea6b2c4515981d1649eccb2ffc9a0f80d390e0ca8da10d082644
                        • Instruction ID: b7ac9fbbdc0c6ecaf517aee6cc66abe402f9d0597519d9beb7bd47a7f2ce540f
                        • Opcode Fuzzy Hash: a30b212504c3ea6b2c4515981d1649eccb2ffc9a0f80d390e0ca8da10d082644
                        • Instruction Fuzzy Hash: 09111CE2B14F4189EB008BB0E8596F833B4F759768F640E31DA6D467A8DF78D1989344
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: aae2076582cbedc1cb3f8c5ccaeda9bd420d6b9cb24c1c134d2564b2bb58ef93
                        • Instruction ID: 6430ed2124ce394767a89139231c1372d53fd82792333d1523a6325b50d593f7
                        • Opcode Fuzzy Hash: aae2076582cbedc1cb3f8c5ccaeda9bd420d6b9cb24c1c134d2564b2bb58ef93
                        • Instruction Fuzzy Hash: 1A113062B14F0289EB00CF70E8546B833A4FB19B58F441E35EA6E877A8DF78E1558340
                        APIs
                        • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FFB0BF4C75B
                        • memcpy.VCRUNTIME140 ref: 00007FFB0BF4C8E3
                          • Part of subcall function 00007FFB0BFA3778: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BFA3BD3,?,?,000002A7D9771040,00007FFB0BF4CCBE,?,?,?,?,?,00000000,?,00000201), ref: 00007FFB0BFA3792
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: Xlength_error@std@@mallocmemcpy
                        • String ID: string too long
                        • API String ID: 1871349122-2556327735
                        • Opcode ID: 078c041976cf557d4d53c348a6c0b004fee8c7093f01fab557d43a84b4375bf8
                        • Instruction ID: 46a2504c0b1fbcd199661de2d2ce97948c294db02f0ab881ca70852f64278847
                        • Opcode Fuzzy Hash: 078c041976cf557d4d53c348a6c0b004fee8c7093f01fab557d43a84b4375bf8
                        • Instruction Fuzzy Hash: 424124A2F06A15A1EA149B21E8819AD6774FB147B4F009331EE6E43BE4DF3890A2C300
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: rand_s
                        • String ID: invalid random_device value
                        • API String ID: 863162693-3926945683
                        • Opcode ID: 01beef4781989b856bb6bfb388d7e35ba10fe6f0418fd590c60b2c945299e0ad
                        • Instruction ID: c62159c4c22b965c82d76710b6b3ee938a054631f5006c555f88132487b86862
                        • Opcode Fuzzy Hash: 01beef4781989b856bb6bfb388d7e35ba10fe6f0418fd590c60b2c945299e0ad
                        • Instruction Fuzzy Hash: 4051D0D3D18A8685F2539B34C455DBA73A0BF15BC4F14CF32E55FB65B5DF28A8928200
                        APIs
                          • Part of subcall function 00007FFB1D8934FC: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFB1D891222), ref: 00007FFB1D89353C
                        • _CreateFrameInfo.LIBVCRUNTIME ref: 00007FFB1D8926B6
                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1D892714
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: abort$CreateFrameInfo
                        • String ID: csm
                        • API String ID: 2697087660-1018135373
                        • Opcode ID: 38db9c11bde365fe9e894775720f0754f8382e2c52f7966776c48f209a7017e6
                        • Instruction ID: a2fd23f66591896762aac9246a7e29b174f39a34c3d86990fdb84347d977e762
                        • Opcode Fuzzy Hash: 38db9c11bde365fe9e894775720f0754f8382e2c52f7966776c48f209a7017e6
                        • Instruction Fuzzy Hash: BA513CB6618B8196D624AB25E44176E77A5FBCCBA0F141134EBCD07B5AEF3CE461CB00
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: abort$CreateFrameInfo
                        • String ID: csm
                        • API String ID: 2697087660-1018135373
                        • Opcode ID: 5e4671b1cbff3658d511699c3cf653202505efa909c7ec854f7fa1af4338784c
                        • Instruction ID: c23b9d6d098e25e8c80b6e8871393be200cbfc5ba49d414fa61fe234b451c7c7
                        • Opcode Fuzzy Hash: 5e4671b1cbff3658d511699c3cf653202505efa909c7ec854f7fa1af4338784c
                        • Instruction Fuzzy Hash: C4512AB2618B4186E660AB36F0486AE77F5FB89BA0F300535EB8D07B55DF39E454CB00
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 6e90ffe9c642c782b465d9d2f26a06a4c3046476c753383f1b4efba89a8bb124
                        • Instruction ID: 89538d21373e41e0a1cf43b620a5b5ea0173f162ca94f34d95349ce10df33593
                        • Opcode Fuzzy Hash: 6e90ffe9c642c782b465d9d2f26a06a4c3046476c753383f1b4efba89a8bb124
                        • Instruction Fuzzy Hash: 8021F292A0CBC486E7218B21E4017EEB791EB99784F58C435EB8D47BA9DF7CD448C701
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 2ec555f3ee8adb07872eae90849ac8a8bcf68c1dac9c639f359ea0151880464c
                        • Instruction ID: ab9caf716bb5d4bf1ea68f7e4f47934c070a71a4cca9ff5b1f0ef7ec27c002a9
                        • Opcode Fuzzy Hash: 2ec555f3ee8adb07872eae90849ac8a8bcf68c1dac9c639f359ea0151880464c
                        • Instruction Fuzzy Hash: 3C31E56260C7C185E7219725E451BEAAB51EB9A784F548435EB8D47BA6CF3CD048C701
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 9c44a3b0f31c0479e37dba94058b9afffbb914e1bb85328f0ade4355861215de
                        • Instruction ID: 18946381b344294d05fcc93b8e9d2182ace43bf57f7ad31381daec71eaea85db
                        • Opcode Fuzzy Hash: 9c44a3b0f31c0479e37dba94058b9afffbb914e1bb85328f0ade4355861215de
                        • Instruction Fuzzy Hash: B031E36260C7C189EB218B25E4507EAAB51EB99784F58C835EB8D47BA6CF3CD449C701
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 186e6b7b65756e765ad9213a07cff03190eae5dfd83764849c967a8c8dfc9711
                        • Instruction ID: 36eb90d720b31548d0284ef7d60fa3cbd6200792cb592815e7b061a1146974ff
                        • Opcode Fuzzy Hash: 186e6b7b65756e765ad9213a07cff03190eae5dfd83764849c967a8c8dfc9711
                        • Instruction Fuzzy Hash: 7621E192A0CBC486E7218721E4007EAB7A1EB99784F58C435EF8D47BA9DF7CD048C701
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 6a816d08360c454dff1b713474d730c4b81135c03d4d38df6b14bf42891274fa
                        • Instruction ID: 5367648c3343223c07e24263f4c46931080d5fc5905168b7cc346f18689d8727
                        • Opcode Fuzzy Hash: 6a816d08360c454dff1b713474d730c4b81135c03d4d38df6b14bf42891274fa
                        • Instruction Fuzzy Hash: 1A21F86360CBC485E7218769E4007EEB761EB99784F68C031EA8D53B99DF7CD446C741
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 59944cb45f2b4bb69df20970651e644d9ceece964d4cad3fe5998f5e56035204
                        • Instruction ID: fedcb4c3355812c5a58c7ae55cc5fdbf13371fede324558aed114cf1b689fe4d
                        • Opcode Fuzzy Hash: 59944cb45f2b4bb69df20970651e644d9ceece964d4cad3fe5998f5e56035204
                        • Instruction Fuzzy Hash: 3221D66360C7C485E7218725E8017EEB7A1EBA9784F58C031EA8D47B99DF7CD446C741
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: b677d03a977e7ff8e996dd34085338dd1964c5713c0a840dc1551a9c64cee9bf
                        • Instruction ID: 7dacbf0924f47ec3ec2d0701a4b99af749f100705ab627b90e24f47e35aeb66b
                        • Opcode Fuzzy Hash: b677d03a977e7ff8e996dd34085338dd1964c5713c0a840dc1551a9c64cee9bf
                        • Instruction Fuzzy Hash: F421E663A0C7C585E7218764E4407EAB761E799784F28C435EACD53BAACF3CD445C741
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 5d343aecaae5f0a76076223a56a0f4f168b2cd057e740f3eccfeff4a92ce7600
                        • Instruction ID: 62715060452a3c20d5483c261d9a820791f9dbee3a56e4b534f1be66918e7bd9
                        • Opcode Fuzzy Hash: 5d343aecaae5f0a76076223a56a0f4f168b2cd057e740f3eccfeff4a92ce7600
                        • Instruction Fuzzy Hash: 8021F56360C7C589F7219724E4407EAB7A1E799784F288531EACD47BAACF3CC446CB50
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: swprintf_s
                        • String ID: %$+
                        • API String ID: 3896565401-2626897407
                        • Opcode ID: 364c9598b53bbc02dc436ed942a7a46d58674911a20bd110850e6760a15a3126
                        • Instruction ID: 82f88e1f6e19040e7bb5010b510210946eb1982d7bd51df8ab384f42b784646b
                        • Opcode Fuzzy Hash: 364c9598b53bbc02dc436ed942a7a46d58674911a20bd110850e6760a15a3126
                        • Instruction Fuzzy Hash: D721076360C7C585E7218B35E8007EAB7A1EBA9788F58C031EA8D43BA9DF7CD446C701
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: Name::operator+
                        • String ID: void$void
                        • API String ID: 2943138195-3746155364
                        • Opcode ID: 8ff03fe2419e3974eeb67dfb792afb4a9b9cae7aa7e23c2e8fbe84b60f38a0b9
                        • Instruction ID: 1dda573771321f9025d9067a0337cfa8495c87de4a7d66ffc19cb1daba682e22
                        • Opcode Fuzzy Hash: 8ff03fe2419e3974eeb67dfb792afb4a9b9cae7aa7e23c2e8fbe84b60f38a0b9
                        • Instruction Fuzzy Hash: C53125F2E18F5988FB018BB0E8498EC37B1BB48758B640636EA4E62B59DF389144C754
                        APIs
                        • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFB0BE0E864), ref: 00007FFB0BE0E9A4
                          • Part of subcall function 00007FFB0BE39900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39920
                          • Part of subcall function 00007FFB0BE39900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39928
                          • Part of subcall function 00007FFB0BE39900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE39931
                          • Part of subcall function 00007FFB0BE39900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFB0BE061A3), ref: 00007FFB0BE3994D
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                        • String ID: false$true
                        • API String ID: 2502581279-2658103896
                        • Opcode ID: 721acee9423e687bc6e3ffadff0e188acaee766046d04793891568fb5dd5ed72
                        • Instruction ID: 4a4101ee3f0362dc45a1abb002308ff4c11d70db1fd0836b398688f63d8c9799
                        • Opcode Fuzzy Hash: 721acee9423e687bc6e3ffadff0e188acaee766046d04793891568fb5dd5ed72
                        • Instruction Fuzzy Hash: E621B1A6918B4581EB20DF30E0407AA77A0FB9CB98F458932DA8E47369CF3CD591C780
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: FileHeader$ExceptionRaise
                        • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                        • API String ID: 3685223789-3176238549
                        • Opcode ID: 1336bfc7bd71620dddb987db4d102eb14b6a352524fa12ffdcc3c0e48972cdbe
                        • Instruction ID: 5b8fe09076b4c00910d4de1e7ff658dc8cc0dfc4147e08e405ccfb225e3fbf7e
                        • Opcode Fuzzy Hash: 1336bfc7bd71620dddb987db4d102eb14b6a352524fa12ffdcc3c0e48972cdbe
                        • Instruction Fuzzy Hash: 61015EE1A19F4691EE409B60F8689F87372FF807A4F705135E64E06A65EF7CE508D700
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: ExceptionFileHeaderRaise
                        • String ID: csm
                        • API String ID: 2573137834-1018135373
                        • Opcode ID: 773630a601210f53501a9ddf254d547572cffa7b210bb5d13eb4ac83e88bb2ad
                        • Instruction ID: 228d57ae81b3c90a5b72b89895cc15680a593ad28e2e5d1f2151b5dce90e3de4
                        • Opcode Fuzzy Hash: 773630a601210f53501a9ddf254d547572cffa7b210bb5d13eb4ac83e88bb2ad
                        • Instruction Fuzzy Hash: DC113A72608B8182EB248B25E44026977A6FBC8BA4F584231DECD07B68EF3CD5518B40
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: ExceptionFileHeaderRaise
                        • String ID: csm
                        • API String ID: 2573137834-1018135373
                        • Opcode ID: 51a2530866bc70b3fa6e7487cc130fe87b9602d28e5a22477376607ad08b6180
                        • Instruction ID: 978fa7cf69069ee410fb34a9fb5ce6e4e46e392bd7941a5e5debfb68114a6038
                        • Opcode Fuzzy Hash: 51a2530866bc70b3fa6e7487cc130fe87b9602d28e5a22477376607ad08b6180
                        • Instruction Fuzzy Hash: 93113DB2608F8182EB108F25F4546A977B6FB88B94F784231DE8C07768DF3DD5558B40
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361477459.00007FFB0BF21000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFB0BF20000, based on PE: true
                        • Associated: 00000004.00000002.1361459451.00007FFB0BF20000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361545381.00007FFB0BFB0000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC4000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361567850.00007FFB0BFC9000.00000004.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361613626.00007FFB0BFCA000.00000002.00000001.01000000.00000005.sdmp
                        • Associated: 00000004.00000002.1361631868.00007FFB0BFCF000.00000002.00000001.01000000.00000005.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0bf20000_update.jbxd
                        Similarity
                        • API ID: ExceptionThrow__std_exception_copy
                        • String ID: bad array new length
                        • API String ID: 1552479455-1242854226
                        • Opcode ID: f3820f1b80bde5f778f5aad804d389af6f6def4e05f02526a6862dfecc3bb5b6
                        • Instruction ID: 45f75e680d656de2e6f83a95bf7cad02cc29790d07314e929fb175c32a58843b
                        • Opcode Fuzzy Hash: f3820f1b80bde5f778f5aad804d389af6f6def4e05f02526a6862dfecc3bb5b6
                        • Instruction Fuzzy Hash: 41F01DA1A15B4295DA10AB24F880AE57364EB68714F90D232D98D87730EF3CD296C700
                        APIs
                          • Part of subcall function 00007FFB1C37F040: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFB1C37F100
                          • Part of subcall function 00007FFB1C37F040: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFB1C37EE05), ref: 00007FFB1C37F14F
                          • Part of subcall function 00007FFB1C3769C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB1C3725CE), ref: 00007FFB1C3769CE
                        • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB1C37EE2A
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: CurrentImageNonwritableUnwindabortterminate
                        • String ID: csm$f
                        • API String ID: 4189928240-629598281
                        • Opcode ID: fb015faef4bf75acf24bdce02b26b27ea635390a237ea967a8c643fc2c3390a7
                        • Instruction ID: 0aaedea98ffa050be601973d3a6f228012801569a76c63e640511be6dc981c29
                        • Opcode Fuzzy Hash: fb015faef4bf75acf24bdce02b26b27ea635390a237ea967a8c643fc2c3390a7
                        • Instruction Fuzzy Hash: 38E065F1D08B4281E7606B71F1885BD36B6AF0AB74F349434DA8806646CF3DD490C641
                        APIs
                        • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0BE0644D
                          • Part of subcall function 00007FFB0BE04EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F12
                          • Part of subcall function 00007FFB0BE04EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F38
                          • Part of subcall function 00007FFB0BE04EF0: memmove.VCRUNTIME140(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F50
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0BE0646A
                        Strings
                        • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0BE06475
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$Getmonthsmallocmemmove
                        • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                        • API String ID: 794196016-4232081075
                        • Opcode ID: a3d7b746740ef89b1ebcb4e51b32cfe808f69842bcf79fc42b6d339746554cb9
                        • Instruction ID: c8d6b92529df7df51a9f54f751d26699823e811554bff721c1eacd9995d0ec63
                        • Opcode Fuzzy Hash: a3d7b746740ef89b1ebcb4e51b32cfe808f69842bcf79fc42b6d339746554cb9
                        • Instruction Fuzzy Hash: 04E06DA2A29A4181EF048F31E585B6963B0EF18B84F448434DA0E467B9DF3CD8E5C380
                        APIs
                        • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0BE063DD
                          • Part of subcall function 00007FFB0BE04EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F12
                          • Part of subcall function 00007FFB0BE04EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F38
                          • Part of subcall function 00007FFB0BE04EF0: memmove.VCRUNTIME140(?,?,?,00007FFB0BE117E4,?,?,?,00007FFB0BE0454B,?,?,?,00007FFB0BE05C41), ref: 00007FFB0BE04F50
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0BE063FA
                        Strings
                        • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0BE06405
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$Getdaysmallocmemmove
                        • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                        • API String ID: 2126063425-3283725177
                        • Opcode ID: c15b05420722401e6fd35f1a9a4c3c3fac8c1189437b617335133950bed26ea2
                        • Instruction ID: dbfb12deb5b50379f6155ee0ec78f158b84e91ca97b0755714782b8d11b8581f
                        • Opcode Fuzzy Hash: c15b05420722401e6fd35f1a9a4c3c3fac8c1189437b617335133950bed26ea2
                        • Instruction Fuzzy Hash: C1E06D62618B8181EF008F21E584B69A3A0EF04B84F48C431DA0E8A7A9DF3CD8D5C750
                        APIs
                        • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0BE06B5D
                          • Part of subcall function 00007FFB0BE04F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04F99
                          • Part of subcall function 00007FFB0BE04F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04FC8
                          • Part of subcall function 00007FFB0BE04F70: memmove.VCRUNTIME140(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04FDF
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0BE06B7A
                        Strings
                        • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFB0BE06B85
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$Getmonthsmallocmemmove
                        • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                        • API String ID: 794196016-2030377133
                        • Opcode ID: 58903103ffa2ea38267c1cb8d3ed3a07be80c6a0489380fa06a448974bfd1a2a
                        • Instruction ID: f70a76d67b78eb74717aaa748e3c9f7563d7aa4c3ac80bbea909e3da4335f63c
                        • Opcode Fuzzy Hash: 58903103ffa2ea38267c1cb8d3ed3a07be80c6a0489380fa06a448974bfd1a2a
                        • Instruction Fuzzy Hash: BCE06D61619A4189EF409B31F584B7963B4EF04BD4F449431DA0F46368DF3CD8D4C380
                        APIs
                        • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0BE06B0D
                          • Part of subcall function 00007FFB0BE04F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04F99
                          • Part of subcall function 00007FFB0BE04F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04FC8
                          • Part of subcall function 00007FFB0BE04F70: memmove.VCRUNTIME140(?,?,00000000,00007FFB0BE16FAD,?,?,?,?,?,?,?,?,?,00007FFB0BE1E9FE), ref: 00007FFB0BE04FDF
                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0BE06B2A
                        Strings
                        • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0BE06B35
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free$Getdaysmallocmemmove
                        • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                        • API String ID: 2126063425-3283725177
                        • Opcode ID: 491e972c8bff342c0b3e2341061dfc53bffd4ec5bd76dda20caadaa026c5660d
                        • Instruction ID: 08da34a37a4eefaa963f35fd1caa5196a56171f9f722990276b2dfda19fdccb2
                        • Opcode Fuzzy Hash: 491e972c8bff342c0b3e2341061dfc53bffd4ec5bd76dda20caadaa026c5660d
                        • Instruction Fuzzy Hash: 91E06DA2718A4185EF109F21E584B6963B0EF08B94F949530DA0E46378DF3CD8D4C740
                        APIs
                        • GetLastError.KERNEL32(?,?,?,00007FFB1D8932ED,?,?,?,?,00007FFB1D89419A,?,?,?,?,?), ref: 00007FFB1D89345B
                        • SetLastError.KERNEL32(?,?,?,00007FFB1D8932ED,?,?,?,?,00007FFB1D89419A,?,?,?,?,?), ref: 00007FFB1D8934E3
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361807835.00007FFB1D891000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1D890000, based on PE: true
                        • Associated: 00000004.00000002.1361787207.00007FFB1D890000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1361981452.00007FFB1D895000.00000002.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362003712.00007FFB1D898000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000004.00000002.1362030230.00007FFB1D899000.00000002.00000001.01000000.00000007.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1d890000_update.jbxd
                        Similarity
                        • API ID: ErrorLast
                        • String ID:
                        • API String ID: 1452528299-0
                        • Opcode ID: 132749c40bd0ba5ebb6955e424a6ad121b3b2b2249ec90cc81fed750c6e1c92e
                        • Instruction ID: 0bb2c7df9907825c2f8bf2415a4bc0aeef379959c413ba91cbec45f52db46399
                        • Opcode Fuzzy Hash: 132749c40bd0ba5ebb6955e424a6ad121b3b2b2249ec90cc81fed750c6e1c92e
                        • Instruction Fuzzy Hash: E5112EE0E19E1392EA299B31E84073922A36FDC7B0F055634D9AE467DCFE3CB851C610
                        APIs
                        • GetLastError.KERNEL32(?,?,?,00007FFB1C376859,?,?,?,?,00007FFB1C37FF42,?,?,?,?,?), ref: 00007FFB1C3769FB
                        • SetLastError.KERNEL32(?,?,?,00007FFB1C376859,?,?,?,?,00007FFB1C37FF42,?,?,?,?,?), ref: 00007FFB1C376A84
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361687335.00007FFB1C371000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB1C370000, based on PE: true
                        • Associated: 00000004.00000002.1361667717.00007FFB1C370000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361711955.00007FFB1C381000.00000002.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361742738.00007FFB1C386000.00000004.00000001.01000000.00000004.sdmp
                        • Associated: 00000004.00000002.1361764113.00007FFB1C387000.00000002.00000001.01000000.00000004.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb1c370000_update.jbxd
                        Similarity
                        • API ID: ErrorLast
                        • String ID:
                        • API String ID: 1452528299-0
                        • Opcode ID: bbe9895d534b658101cce7e74ca5bd95b80ee12bf15f37732e53d0ee5c009e2b
                        • Instruction ID: 54c6f40c639ff559bf6f7de919abc6df1749bc92db143aad96adf25877eee078
                        • Opcode Fuzzy Hash: bbe9895d534b658101cce7e74ca5bd95b80ee12bf15f37732e53d0ee5c009e2b
                        • Instruction Fuzzy Hash: 0A111FE0A19F4381EA549B71F85C9F432B2AF487F0F349734D96E063D5DE3CA841A644
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free
                        • String ID:
                        • API String ID: 1294909896-0
                        • Opcode ID: 3328a908bbbcdaedd706fd94bdc45f6dfb402d07c88e9721b686c43f08177589
                        • Instruction ID: 4a635009618947d8fd4770cfe8a6b0cd26f015e7a8b45e44c780ad6f99439df0
                        • Opcode Fuzzy Hash: 3328a908bbbcdaedd706fd94bdc45f6dfb402d07c88e9721b686c43f08177589
                        • Instruction Fuzzy Hash: 3DF06276718B029ADB049B25E994A387360FF88F81F008430CA4E83B79DF3CE4A5C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free
                        • String ID:
                        • API String ID: 1294909896-0
                        • Opcode ID: 232d6a95f21198eac45a7db5673a4c35294f27fe46f5697967a766f55e7756fc
                        • Instruction ID: 1bf3e074f3c14bc3a468030929aedc52d6abd8e93da0a255a89d89d10a0feb35
                        • Opcode Fuzzy Hash: 232d6a95f21198eac45a7db5673a4c35294f27fe46f5697967a766f55e7756fc
                        • Instruction Fuzzy Hash: C8F04F75718B029ADB448B25E994A787360FF88F81F108831CA5E83B39DF3CE4A5C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free
                        • String ID:
                        • API String ID: 1294909896-0
                        • Opcode ID: 17e99220f8967c12a32b4232ba5c95c8a342f86e10a6801ad5c103a484bf211d
                        • Instruction ID: add819b005a2e51669d553b37c7e0c0e396a8446a985cb1a4c24760e5d11c3d2
                        • Opcode Fuzzy Hash: 17e99220f8967c12a32b4232ba5c95c8a342f86e10a6801ad5c103a484bf211d
                        • Instruction Fuzzy Hash: 4EF0FF75718B029AEB449B25E994A787360FF88F81F548431DA5E83B79DF7CE4A5C300
                        APIs
                        Memory Dump Source
                        • Source File: 00000004.00000002.1361345499.00007FFB0BE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFB0BE00000, based on PE: true
                        • Associated: 00000004.00000002.1361328897.00007FFB0BE00000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361387732.00007FFB0BE55000.00000002.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361419756.00007FFB0BE83000.00000004.00000001.01000000.00000006.sdmp
                        • Associated: 00000004.00000002.1361439847.00007FFB0BE87000.00000002.00000001.01000000.00000006.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_7ffb0be00000_update.jbxd
                        Similarity
                        • API ID: free
                        • String ID:
                        • API String ID: 1294909896-0
                        • Opcode ID: 5b36adbf8a5d9ce7058db387187efa5dd8d77d4407507034b1847c1e99744d1d
                        • Instruction ID: a8e5615ac7a91c9f4a3e4f01ecae0221403eaa80732a876ffd6edb96aa0c0554
                        • Opcode Fuzzy Hash: 5b36adbf8a5d9ce7058db387187efa5dd8d77d4407507034b1847c1e99744d1d
                        • Instruction Fuzzy Hash: 4EE00AB6A15A019AEB149F31DC549287374EF98F5AB185931CE1F8627CCF68D495C300