Windows Analysis Report
12.exe

Overview

General Information

Sample name:12.exe
Analysis ID:1544430
MD5:d4e6ee6762c4f87650cd3e591ff7f71a
SHA1:91be75dc4311c405c0267df327330fdaf585ba9b
SHA256:b53a2e87ac17942649c2fc60f3247c898faf563d84f596344cfacd03350b031a
Tags:exemammnRansomwareuser-NoName
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 12.exe (PID: 5284 cmdline: "C:\Users\user\Desktop\12.exe" MD5: D4E6EE6762C4F87650CD3E591FF7F71A)
    • conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: 12.exeAvira: detected
Source: 12.exeReversingLabs: Detection: 52%
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F32EE0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,CryptAcquireContextA,0_2_00F32EE0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F334A0 CryptReleaseContext,0_2_00F334A0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F335B0 CryptGenRandom,CryptReleaseContext,__CxxThrowException@8,0_2_00F335B0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F948A0 CryptReleaseContext,0_2_00F948A0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F33040 CryptAcquireContextA,GetLastError,CryptReleaseContext,0_2_00F33040
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F333D0 CryptReleaseContext,0_2_00F333D0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F33410 CryptGenRandom,__CxxThrowException@8,0_2_00F33410
Source: 12.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 12.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: G:\Mammon\Release\Mammon.pdb source: 12.exe
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F08240 FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,Concurrency::details::HardwareAffinity::operator!=,std::_Container_base12::~_Container_base12,0_2_00F08240
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00EFC5B0 FindFirstFileW,operator!=,operator!=,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,std::_Container_base12::~_Container_base12,0_2_00EFC5B0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00EFCE60 FindFirstFileW,operator!=,std::_Container_base12::~_Container_base12,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,Concurrency::details::HardwareAffinity::operator!=,std::_Container_base12::~_Container_base12,0_2_00EFCE60
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F49A22 GetFileAttributesExW,GetLastError,___std_fs_open_handle@16,GetLastError,GetFileInformationByHandle,FindFirstFileExW,FindClose,0_2_00F49A22
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00EF9C50 FindFirstFileW,std::_Container_base12::~_Container_base12,operator!=,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,std::_Container_base12::~_Container_base12,0_2_00EF9C50
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F82D68 FindFirstFileExA,0_2_00F82D68
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F07E90 GetLogicalDriveStringsW,GetDriveTypeW,std::_Container_base12::~_Container_base12,0_2_00F07E90
Source: 12.exeString found in binary or memory: https://t.me/mamondec
Source: 12.exeString found in binary or memory: https://t.me/mamondec1-Com
Source: 12.exe, 00000000.00000002.3267018222.000000000079E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/mamondecDOq
Source: C:\Users\user\Desktop\12.exeCode function: String function: 00EE8040 appears 80 times
Source: C:\Users\user\Desktop\12.exeCode function: String function: 00F4B7C6 appears 88 times
Source: C:\Users\user\Desktop\12.exeCode function: String function: 00F4C8AD appears 84 times
Source: C:\Users\user\Desktop\12.exeCode function: String function: 00F4CBB0 appears 63 times
Source: classification engineClassification label: mal56.winEXE@2/5@0/0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F49D99 GetDiskFreeSpaceExW,GetLastError,GetDiskFreeSpaceExW,GetLastError,0_2_00F49D99
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5788:120:WilError_03
Source: 12.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\12.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\12.exe "C:\Users\user\Desktop\12.exe"
Source: C:\Users\user\Desktop\12.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\12.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\12.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\12.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\12.exeSection loaded: rsaenh.dllJump to behavior
Source: 12.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 12.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 12.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 12.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 12.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 12.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 12.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 12.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 12.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 12.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 12.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F5B6A5 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00F5B6A5
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4C887 push ecx; ret 0_2_00F4C89A
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4CBF6 push ecx; ret 0_2_00F4CC09
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4AD00 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00F4AD00
Source: C:\Users\user\Desktop\12.exeAPI coverage: 5.9 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\12.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F6C6AF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F6C6AF
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F77781 mov eax, dword ptr fs:[00000030h]0_2_00F77781
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F83CF0 GetProcessHeap,0_2_00F83CF0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4C9F0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F4C9F0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4CB52 SetUnhandledExceptionFilter,0_2_00F4CB52
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4CC0B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F4CC0B
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F4C2FF cpuid 0_2_00F4C2FF
Source: C:\Users\user\Desktop\12.exeCode function: EnumSystemLocalesW,0_2_00F7C906
Source: C:\Users\user\Desktop\12.exeCode function: GetLocaleInfoW,0_2_00F7CDEF
Source: C:\Users\user\Desktop\12.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00F85932
Source: C:\Users\user\Desktop\12.exeCode function: EnumSystemLocalesW,0_2_00F85BB9
Source: C:\Users\user\Desktop\12.exeCode function: EnumSystemLocalesW,0_2_00F85C9F
Source: C:\Users\user\Desktop\12.exeCode function: EnumSystemLocalesW,0_2_00F85C04
Source: C:\Users\user\Desktop\12.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00F85D30
Source: C:\Users\user\Desktop\12.exeCode function: GetLocaleInfoW,0_2_00F85F80
Source: C:\Users\user\Desktop\12.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00F860A9
Source: C:\Users\user\Desktop\12.exeCode function: GetLocaleInfoW,0_2_00F861B0
Source: C:\Users\user\Desktop\12.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00F8627D
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F7CE59 GetSystemTimeAsFileTime,0_2_00F7CE59
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F8050E _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00F8050E
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F52B6C GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8,0_2_00F52B6C
Source: C:\Users\user\Desktop\12.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00EE15F0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,0_2_00EE15F0
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00EE1590 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,0_2_00EE1590
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F5D6B9 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,0_2_00F5D6B9
Source: C:\Users\user\Desktop\12.exeCode function: 0_2_00F5E3E0 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,0_2_00F5E3E0
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Native API (1); Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Deobfuscate/Decode Files or Information (1); DLL Side-Loading (1); Obfuscated Files or Information (2)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Time Discovery (2); Security Software Discovery (2); File and Directory Discovery (2); System Information Discovery (26)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior graph (ID: 1544430; sample: 12.exe; start date: 29/10/2024; architecture: WINDOWS; score: 56): 12.exe started conhost.exe. Signatures shown: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file.

Source | Detection | Scanner | Label | Link
12.exe | 53% | ReversingLabs | Win32.Infostealer.Tinba |
12.exe | 100% | Avira | TR/FileCoder.csxlc |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://t.me/mamondec1-Com | 12.exe | false | | unknown
https://t.me/mamondec | 12.exe | false | | unknown
https://t.me/mamondecDOq | 12.exe, 00000000.00000002.3267018222.000000000079E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        No contacted IP infos
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1544430
        Start date and time:2024-10-29 12:25:05 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 38s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:6
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:12.exe
        Detection:MAL
        Classification:mal56.winEXE@2/5@0/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 83
        • Number of non-executed functions: 217
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • VT rate limit hit for: 12.exe
        No simulations
        No context
        Process:C:\Users\user\Desktop\12.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):10
        Entropy (8bit):3.321928094887362
        Encrypted:false
        SSDEEP:3:haN:u
        MD5:30449CF77CC065CB7ECE961D844E3E9E
        SHA1:DFCECA5AE93F2EFFF7B29852E3A6CE23D971B5C1
        SHA-256:3801620940F30AD0F072C063BCB7A9E45C92395158C7660145FC21728EE0037D
        SHA-512:4DBE30A5A35B26FC4EC19D63E7DC3414F27574311A5ED84E5487FF62F751A8BDE951DBB28A341F96FE103DF83B24651C36A8CDA1A1BE64E2D53EE12B6DC65F17
        Malicious:false
        Reputation:low
        Preview:DP8WG91XFS
        Process:C:\Users\user\Desktop\12.exe
        File Type:data
        Category:dropped
        Size (bytes):3873
        Entropy (8bit):7.951398094272129
        Encrypted:false
        SSDEEP:96:gHp4E2KCn1S7aNtjF7TCFEhIeg4E1euv24cIWseUbfy6bfbJ:CGcuLyESebEIW5cblUm6HJ
        MD5:57D9ED6F817B9EC84CFFBD09D64266B9
        SHA1:2ECB61BD3C6104E7F141A898585AB94C31244810
        SHA-256:6BD0A83C241D2B820FF54B7BC84BAB977D9D8D50EB3E121725DFF42CB6DA7290
        SHA-512:4A8BA83E4AC52D74A599F418927DF4FDFFB588C93189B70AC53FF8B1AAFFC1718249D4D3F51E6EC49814709B612B038045C1FB62E945ACB47E5A9F3684B16C8B
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\12.exe
        File Type:very short file (no magic)
        Category:dropped
        Size (bytes):1
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3:V:V
        MD5:CFCD208495D565EF66E7DFF9F98764DA
        SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
        SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
        SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
        Malicious:false
        Reputation:high, very likely benign file
        Preview:0
        Process:C:\Users\user\Desktop\12.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):754
        Entropy (8bit):6.006722588887071
        Encrypted:false
        SSDEEP:12:CZFecQt9jFE9nkfNgQ8lIhfDWv4Bcibkto3moEK5kHY+oUoiByMGF:0ccKFE9kfNgvIhfDSGcGJk5zPQMS
        MD5:03ECC958CE2768C6E4FCB894C70CE963
        SHA1:B2E8D5CBE80608630F56AE0ADB9C553805B88378
        SHA-256:CA5CB3C96B568272F66AD513CC826544C8C2ED64FFCB66267607E63E8AFE3942
        SHA-512:05375462553C657361A8564F8330E2719B4BD6427C78CAE6F514BDFA4D98B259A5246B8100F18FFFB5FF242AD35C52C6D8FB399306A029E522DCF4A7233AF315
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\12.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):28
        Entropy (8bit):3.753434386188785
        Encrypted:false
        SSDEEP:3:opI9S1XoyR/:omUqyV
        MD5:D00381ADB6305C0CA316C802BB1D7CE1
        SHA1:4929BA5F0D84D2D403A5474206FB6619FCA47CAB
        SHA-256:198550B907276D77B74951235BD1A179078EAB5D6284A47998A23C7C0264BAB7
        SHA-512:449679944A1F623B64A1DCCC104094396A93BB2E7A630B42CE446C50DF7D52D5C73BAAFA9C40382BB8FDB433E62C3729E45FA57B7E69C1A550E91761D7B62D44
        Malicious:false
        Reputation:low
        Preview:C:\..1-Com....2-dir..Choose:
        File type:PE32 executable (console) Intel 80386, for MS Windows
        Entropy (8bit):6.583817331975598
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:12.exe
        File size:997'376 bytes
        MD5:d4e6ee6762c4f87650cd3e591ff7f71a
        SHA1:91be75dc4311c405c0267df327330fdaf585ba9b
        SHA256:b53a2e87ac17942649c2fc60f3247c898faf563d84f596344cfacd03350b031a
        SHA512:30b52db708ba2e7fba610825496542ecca38cd9b342ab9e930110c8cc767e0ddb3a9e9ab57a043b9156c2703556a9528193db1495f55d5a0c1eb536d846fc898
        SSDEEP:24576:nS6XklOGApJ6vstNPuPROYrIzOCMPhm3g1gmunB:nS6eOGApsvX5/M6C7geBnB
        TLSH:28258D207602F536E8B304F68EBDEA5E501CFD5007655ADFB3C8666E4AB48D12E33993
        Icon Hash:00928e8e8686b000
        Entrypoint:0x46c210
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows cui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Time Stamp:0x66FC7290 [Tue Oct 1 22:07:12 2024 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:5
        OS Version Minor:1
        File Version Major:5
        File Version Minor:1
        Subsystem Version Major:5
        Subsystem Version Minor:1
        Import Hash:aabe76e81d032a0fd3912dd269708aa2
        Programming Language:
        • [IMP] VS2008 SP1 build 30729
        Name | Virtual Address | Virtual Size | Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe1b84 | 0x3c | .rdata
        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xed000 | 0x1e0 | .rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xee000 | 0xac20 | .reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG | 0xcf350 | 0x70 | .rdata
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_TLS | 0xcf460 | 0x18 | .rdata
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xcf3c0 | 0x40 | .rdata
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x234 | .rdata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
        .text | 0x1000 | 0xb3c0a | 0xb3e00 | fb0cae030696caa1dc9919c6ad8de0c5 | False | 0.4671687695448228 | data | 6.596706338829282 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        .rdata | 0xb5000 | 0x2d880 | 0x2da00 | 975e074796cc72e19d8890f1b536cd33 | False | 0.37914169520547947 | data | 5.048372166875648 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .data | 0xe3000 | 0x94a0 | 0x6c00 | 46b470985e0a41b7b6eb92e2977ddbaa | False | 0.1622902199074074 | data | 4.933537473400661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .rsrc | 0xed000 | 0x1e0 | 0x200 | e004de00c8e4161f9a8b96a63f27f057 | False | 0.53125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc | 0xee000 | 0xac20 | 0xae00 | 5770e65cea08e5886129734ea3b19784 | False | 0.5582121048850575 | data | 6.523366272247362 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
        RT_MANIFEST | 0xed060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
        DLL | Import
        KERNEL32.dll | GetLogicalDriveStringsW, GetDriveTypeA, GetDriveTypeW, FreeConsole, GetLastError, FindNextFileW, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentThread, GetThreadTimes, SetEndOfFile, FindFirstFileW, lstrcmpW, SetLastError, FindClose, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, FormatMessageW, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, GetCurrentThreadId, GetCurrentDirectoryW, CreateDirectoryW, CreateFileW, DeleteFileW, FindFirstFileExW, GetDiskFreeSpaceExW, GetFileAttributesExW, GetFileInformationByHandle, AreFileApisANSI, CloseHandle, GetModuleHandleW, GetProcAddress, CopyFileW, MoveFileExW, DuplicateHandle, WaitForSingleObjectEx, Sleep, GetCurrentProcess, SwitchToThread, GetExitCodeThread, EncodePointer, DecodePointer, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEvent, ResetEvent, InitializeSListHead, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, GetCurrentProcessId, CreateTimerQueue, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, FreeLibrary, FreeLibraryAndExitThread, GetModuleFileNameW, GetModuleHandleA, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualProtect, VirtualFree, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, LoadLibraryW, RaiseException, RtlUnwind, ExitThread, GetModuleHandleExW, ExitProcess, GetModuleFileNameA, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, GetACP, HeapAlloc, HeapFree, GetFileType, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, ReadConsoleW, SetFilePointerEx, GetTimeZoneInformation, HeapReAlloc, HeapSize, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, GetProcessHeap, SetStdHandle, WriteConsoleW
        ADVAPI32.dll | CryptReleaseContext, CryptAcquireContextA, CryptGenRandom
        Language of compilation system | Country where language is spoken | Map
        English | United States |
        No network behavior found

        Target ID:0
        Start time:07:25:54
        Start date:29/10/2024
        Path:C:\Users\user\Desktop\12.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\12.exe"
        Imagebase:0xee0000
        File size:997'376 bytes
        MD5 hash:D4E6EE6762C4F87650CD3E591FF7F71A
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:1
        Start time:07:25:54
        Start date:29/10/2024
        Path:C:\Windows\System32\conhost.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Imagebase:0x7ff6d64d0000
        File size:862'208 bytes
        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:false

          Execution Graph

          Execution Coverage:7.6%
          Dynamic/Decrypted Code Coverage:0%
          Signature Coverage:6%
          Total number of Nodes:2000
          Total number of Limit Nodes:27
81421->81426 81425 f0f5a0 63 API calls 81422->81425 81423->81421 81428 eec8c0 ~ 26 API calls 81424->81428 81431 f0a58c std::ios_base::_Init 81424->81431 81427 f0a4b6 81425->81427 81426->81424 81427->81419 81429 f00c70 49 API calls 81427->81429 81428->81431 81430 f0a4d2 81429->81430 81433 f0f5a0 63 API calls 81430->81433 81432 ee9b90 29 API calls 81431->81432 81435 f0a43e SafeSQueue _Receive_impl 81431->81435 81434 f0a5b5 std::ios_base::_Init 81432->81434 81433->81419 81438 f4b796 Mailbox 8 API calls 81434->81438 81439 f018e0 27 API calls 81435->81439 81437 ee7e90 std::system_error::system_error 27 API calls 81436->81437 81456 f08c51 std::ios_base::_Init 81436->81456 81441 f089f2 operator!= 81437->81441 81442 f0a5cd std::ios_base::_Init 81438->81442 81443 f0a810 std::ios_base::_Init SafeSQueue 81439->81443 81440 f0a5fd 81444 f063f0 29 API calls 81440->81444 81518 f08b85 81441->81518 81963 f01e10 81441->81963 81442->81440 82270 ee8bd0 29 API calls 81442->82270 81450 ee7e90 std::system_error::system_error 27 API calls 81443->81450 81448 f0a63a 81444->81448 81445 eeb9f0 ThreadProxyFactory 26 API calls 81445->81456 81451 f3bd90 27 API calls 81448->81451 81453 f0a842 81450->81453 81459 f0a65c std::ios_base::_Init 81451->81459 81454 ee7e90 std::system_error::system_error 27 API calls 81453->81454 81458 f0a858 _Smanip 81454->81458 81455 f09016 std::ios_base::_Init 82004 f05970 81455->82004 81456->81455 81463 ee7e90 std::system_error::system_error 27 API calls 81456->81463 82261 f06060 81458->82261 81461 f4b796 Mailbox 8 API calls 81459->81461 81460 f0f5a0 63 API calls 81464 f08a74 81460->81464 81471 f0a670 std::ios_base::_Init 81461->81471 81473 f08ccb operator!= 81463->81473 81470 eec8c0 ~ 26 API calls 81464->81470 81467 f0a6a3 81474 f060c0 29 API calls 81467->81474 81468 ee1cd0 75 API calls 81469 f09056 81468->81469 82014 ef7310 81469->82014 81475 f08ab9 81470->81475 81471->81467 82271 ee74a0 27 API calls 81471->82271 81479 f01990 49 API calls 81473->81479 81549 f08f4a 
81473->81549 81480 f0a6db 81474->81480 81476 eeb9f0 ThreadProxyFactory 26 API calls 81475->81476 81482 f08ac8 81476->81482 81478 f09064 std::ios_base::_Init 82019 ee8b60 81478->82019 81484 f08d06 81479->81484 81485 f3c750 29 API calls 81480->81485 81481 eeb9f0 ThreadProxyFactory 26 API calls 81481->81455 81486 f08b4f 81482->81486 81490 f01e10 27 API calls 81482->81490 81483 f0a8a6 Concurrency::details::SchedulerBase::Cleanup 81491 f07220 std::_Container_base12::~_Container_base12 26 API calls 81483->81491 81996 f100b0 81484->81996 81488 f0a6fd 81485->81488 81988 ee1cd0 81486->81988 81489 ef0b30 128 API calls 81488->81489 81495 f0a70c std::ios_base::_Init 81489->81495 81496 f08aeb 81490->81496 81497 f0a8ec 81491->81497 82272 f056b0 81495->82272 81501 f01990 49 API calls 81496->81501 81502 eeb9f0 ThreadProxyFactory 26 API calls 81497->81502 81498 f09083 std::ios_base::_Init 82024 f06580 81498->82024 81500 eec8c0 ~ 26 API calls 81504 f08dbe __aulldiv 81500->81504 81505 f08b18 81501->81505 81506 f0a8fb 81502->81506 81512 f01e10 27 API calls 81504->81512 81978 f0e0e0 81505->81978 81510 eeba40 ~ 26 API calls 81506->81510 81515 f0a90a 81510->81515 81519 f08e2c 81512->81519 81516 eeba40 ~ 26 API calls 81515->81516 81522 f0a919 81516->81522 81518->81445 81524 f01990 49 API calls 81519->81524 81521 eec8c0 ~ 26 API calls 81526 f08b40 81521->81526 81527 eeb9f0 ThreadProxyFactory 26 API calls 81522->81527 81529 f08e59 81524->81529 81531 eeb9f0 ThreadProxyFactory 26 API calls 81526->81531 81532 f0a928 81527->81532 81533 f0f5a0 63 API calls 81529->81533 81531->81486 81535 eeb9f0 ThreadProxyFactory 26 API calls 81532->81535 81536 f08e6f 81533->81536 81538 f0a937 81535->81538 81541 eec8c0 ~ 26 API calls 81536->81541 81539 eeba40 ~ 26 API calls 81538->81539 81540 f0a946 81539->81540 81542 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81540->81542 81543 f08eb4 81541->81543 81544 f0a960 81542->81544 81546 eeb9f0 ThreadProxyFactory 26 API calls 
81543->81546 81544->81225 81545 f090d7 std::ios_base::_Init _Receive_impl _Error_objects 81547 f4b796 Mailbox 8 API calls 81545->81547 81548 f08ec3 81546->81548 81553 f09109 std::ios_base::_Init 81547->81553 81548->81549 81550 f01e10 27 API calls 81548->81550 81549->81481 81552 f08ee6 81550->81552 81551 f0913e 82060 f060c0 81551->82060 81554 f01990 49 API calls 81552->81554 81553->81551 82265 ee74a0 27 API calls 81553->82265 81557 f08f13 81554->81557 81559 f0e0e0 54 API calls 81557->81559 81561 f08f29 81559->81561 81563 eec8c0 ~ 26 API calls 81561->81563 81565 f08f3b 81563->81565 81567 eeb9f0 ThreadProxyFactory 26 API calls 81565->81567 81567->81549 81802 f01864 std::system_error::system_error ctype numpunct 81801->81802 84331 f025d0 81802->84331 81806 f07ed2 std::ios_base::_Init SafeSQueue 81805->81806 84341 f05f90 81806->84341 81808 f07eeb GetLogicalDriveStringsW 81809 f07f2d 81808->81809 81812 f07f19 std::ios_base::_Init operator!= 81808->81812 81810 f07f6a 81809->81810 81809->81812 81811 ee82f0 numpunct 27 API calls 81810->81811 81813 f07f7c SafeSQueue 81811->81813 81816 f081ca 81812->81816 84350 f07660 5 API calls 2 library calls 81812->84350 84351 f0f500 26 API calls 4 library calls 81812->84351 81814 f018e0 27 API calls 81813->81814 81815 f07ffd GetDriveTypeW 81814->81815 81817 f08044 81815->81817 81818 f08037 81815->81818 81819 f07220 std::_Container_base12::~_Container_base12 26 API calls 81816->81819 81824 eeb9f0 ThreadProxyFactory 26 API calls 81817->81824 81818->81817 81820 f080b2 81818->81820 81821 f0806c 81818->81821 81822 f0808f 81818->81822 81823 f081fa 81819->81823 84349 f0fb20 27 API calls 81820->84349 84347 f0fb20 27 API calls 81821->84347 84348 f0fb20 27 API calls 81822->84348 81828 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81823->81828 81829 f08115 81824->81829 81830 f08212 81828->81830 81831 eeba40 ~ 26 API calls 81829->81831 81830->81229 81833 f08124 81831->81833 81833->81229 81836 f0e3a7 
81835->81836 84353 f0b260 81836->84353 81839 f0e3d1 81841 eec8c0 ~ 26 API calls 81839->81841 81842 f0e3f5 81841->81842 81843 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81842->81843 81844 f0e40d 81843->81844 81845 eff330 81844->81845 81846 eff348 SafeSQueue 81845->81846 84364 ee5d50 81846->84364 81849 f074a0 81850 f074d1 allocator 81849->81850 81851 ef6050 std::system_error::system_error 26 API calls 81850->81851 81852 f074e1 allocator Concurrency::details::ContextBase::GetWorkQueueIdentity shared_ptr 81850->81852 81851->81852 81852->81235 81854 eeba40 ~ 26 API calls 81853->81854 81855 eec8cf 81854->81855 81855->81239 81858 ee1d52 char_traits 81856->81858 81857 eeab60 74 API calls 81869 ee1dff char_traits 81857->81869 81858->81857 81859 efef00 46 API calls 81860 ee205b 81859->81860 81861 eec8e0 74 API calls 81860->81861 81863 ee2070 81861->81863 81862 ee1e15 std::ios_base::width 81862->81859 81865 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81863->81865 81864 ee1edc 81866 eff1e0 70 API calls 81864->81866 81871 ee1f1f char_traits 81864->81871 81867 ee208b 81865->81867 81866->81871 81872 f07540 81867->81872 81868 eff0b0 70 API calls 81868->81869 81869->81862 81869->81864 81869->81868 81870 eff0b0 70 API calls 81870->81871 81871->81862 81871->81870 84397 f023b0 81872->84397 81875 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81876 f0757c FreeConsole 81875->81876 81876->81246 81876->81261 81886->81283 81890->81317 81900->81252 81901->81256 81911->81251 81912->81255 81918 ef6bd0 allocator _WChar_traits 81917->81918 81921 ef6bf0 81918->81921 81920 ee8339 81920->81220 81922 ef6c01 Concurrency::details::ContextBase::GetWorkQueueIdentity 81921->81922 81924 ef6c0f std::_Winerror_message numpunct 81922->81924 81925 ee4260 27 API calls 8 library calls 81922->81925 81924->81920 81925->81924 81927 ef298b 
Concurrency::details::ContextBase::GetWorkQueueIdentity std::_Winerror_message 81926->81927 81933 ef29b3 construct allocator numpunct 81927->81933 81934 efc2c0 5 API calls 5 library calls 81927->81934 81929 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81931 ee8259 81929->81931 81930 ef29f0 _Min_value 81935 ef65e0 27 API calls 2 library calls 81930->81935 81931->81392 81933->81929 81934->81930 81935->81933 81937 f0aa5b __wsopen_s 81936->81937 81938 ee8040 numpunct 27 API calls 81937->81938 81939 f0aa86 SafeSQueue 81938->81939 82292 eed8d0 81939->82292 81941 f0aa9d 82295 ee5d10 81941->82295 81946 eeb9f0 ThreadProxyFactory 26 API calls 81947 f0ab22 81946->81947 81948 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81947->81948 81949 f08877 81948->81949 81949->81396 82367 f02620 81950->82367 81953 f0f5a0 81954 f0f5ba std::ios_base::_Init 81953->81954 82410 f06a40 81954->82410 81958 f0f5cf Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 81959 f0f5f6 81958->81959 82418 f0d8d0 52 API calls 3 library calls 81958->82418 81961 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81959->81961 81962 f08909 81961->81962 81962->81410 81964 f01e48 allocator std::ios_base::good _Error_objects char_traits 81963->81964 82480 efe700 81964->82480 81970 f01e91 std::system_error::system_error 81971 eeb9f0 ThreadProxyFactory 26 API calls 81970->81971 81972 f01eb5 81971->81972 81973 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81972->81973 81974 f01ece 81973->81974 81975 f01990 81974->81975 82508 f026c0 81975->82508 81979 f0e0fa std::ios_base::_Init 81978->81979 81980 f06a40 45 API calls 81979->81980 81981 f0e102 81980->81981 82512 f0e150 81981->82512 81983 f0e10f Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 81984 f0e136 81983->81984 82532 f0d8d0 52 API calls 3 library calls 81983->82532 81986 
f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 81984->81986 81987 f08b2e 81986->81987 81987->81521 81989 ee1cde std::ios_base::good std::runtime_error::runtime_error 81988->81989 82573 ee3bf0 81989->82573 81992 eecb20 81993 eecb42 81992->81993 82671 ee5a80 81993->82671 81997 f100d4 81996->81997 82693 f49d99 GetDiskFreeSpaceExW 81997->82693 81999 f100da 82000 f100f5 81999->82000 82699 ef5cb0 52 API calls 4 library calls 81999->82699 82002 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82000->82002 82003 f08d23 82002->82003 82003->81500 82005 f059a5 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 82004->82005 82700 ee7bc0 82005->82700 82011 f05a46 82012 f05a64 82011->82012 82013 efef00 46 API calls 82011->82013 82012->81468 82013->82012 82750 ef7230 82014->82750 82017 ef7342 82017->81478 82018 efef00 46 API calls 82018->82017 82840 f2f2f0 82019->82840 82021 ee8b8e 82849 f335b0 82021->82849 82023 ee8baf 82023->81498 82025 f065b5 82024->82025 82026 ee9b90 29 API calls 82025->82026 82027 f065f1 82026->82027 82958 f06710 82027->82958 82032 f1a2e0 29 API calls 82033 f06680 82032->82033 82034 f1a2e0 29 API calls 82033->82034 82035 f06692 82034->82035 82036 f1a2e0 29 API calls 82035->82036 82037 f066a4 82036->82037 82038 f1a2e0 29 API calls 82037->82038 82039 f066b6 82038->82039 82040 f1a2e0 29 API calls 82039->82040 82041 f066c8 82040->82041 82042 f1a120 82041->82042 82043 f1a13c 82042->82043 82044 f1a137 82042->82044 82046 ef64d0 Concurrency::task_options::get_cancellation_token 29 API calls 82043->82046 82976 f2b420 5 API calls Concurrency::task_options::get_cancellation_token 82044->82976 82047 f090b5 82046->82047 82048 f3f4f0 82047->82048 82049 f3f52e 82048->82049 82050 f1a120 29 API calls 82049->82050 82051 f3f53e 82050->82051 82977 f21740 82051->82977 82053 f3f55a 82989 ee2500 82053->82989 82055 f3f583 82056 f4b796 Mailbox 8 API calls 82055->82056 82057 f3f5bb 82056->82057 82059 
f3f5f2 boost::exception::~exception 82057->82059 82995 f1a040 82057->82995 82059->81545 82061 f4b796 Mailbox 8 API calls 82060->82061 82063 f060f5 std::ios_base::_Init 82061->82063 82065 f4b796 Mailbox 8 API calls 82063->82065 82071 f06165 82063->82071 82067 f06119 std::ios_base::_Init 82065->82067 82068 f0613d 82067->82068 83015 ee9ce0 82071->83015 82262 f06075 std::error_category::equivalent 82261->82262 84212 f03c50 82262->84212 82264 f060b1 82264->81483 82265->81551 82270->81440 82271->81467 82273 f056e5 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 82272->82273 82274 f058a0 87 API calls 82273->82274 82275 f0571c 82274->82275 82276 ee7890 50 API calls 82275->82276 82277 f05762 82276->82277 82278 f0f990 81 API calls 82277->82278 82279 f05786 82278->82279 82280 f057a4 82279->82280 82281 efef00 46 API calls 82279->82281 82282 f01d10 82280->82282 82281->82280 82283 f01d1c allocator 82282->82283 84240 f01a60 82283->84240 82286 f0e010 82287 ef72a0 73 API calls 82286->82287 82288 f0e024 82287->82288 82289 f0a757 82288->82289 82290 efef00 46 API calls 82288->82290 82291 f07920 73 API calls std::bad_exception::~bad_exception 82289->82291 82290->82289 82291->81435 82305 f49e8a 82292->82305 82296 ee5d2c 82295->82296 82347 ee41c0 82296->82347 82299 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82300 ee5d4a 82299->82300 82301 eff370 82300->82301 82302 eff38c 82301->82302 82352 ee7f10 82302->82352 82311 f757d8 82305->82311 82307 f49e97 82308 eed8dc 82307->82308 82325 f4830a 27 API calls 2 library calls 82307->82325 82308->81941 82312 f757e4 82311->82312 82313 f757f9 82311->82313 82335 f6c962 20 API calls __dosmaperr 82312->82335 82326 f7d235 82313->82326 82316 f757e9 82336 f6c879 26 API calls _memcpy_s 82316->82336 82319 f7581c 82319->82307 82320 f757f4 82320->82307 82322 f7580d 82338 f6c962 20 API calls __dosmaperr 82322->82338 82324 f75818 82324->82307 82339 f7c9cc 82326->82339 82328 f7d25c 82329 f7d286 82328->82329 82330 
f7d265 82328->82330 82345 f75820 43 API calls 2 library calls 82329->82345 82333 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82330->82333 82332 f7d28b 82334 f75804 82333->82334 82334->82319 82337 f6c962 20 API calls __dosmaperr 82334->82337 82335->82316 82336->82320 82337->82322 82338->82324 82343 f7c9f8 82339->82343 82344 f7c9fc __crt_fast_encode_pointer 82339->82344 82340 f7ca1c 82342 f7ca28 GetProcAddress 82340->82342 82340->82344 82342->82344 82343->82340 82343->82344 82346 f7ca68 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 82343->82346 82344->82328 82345->82332 82346->82343 82348 ee41d3 ctype 82347->82348 82349 ee41fc 82348->82349 82351 ee5c90 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 82348->82351 82349->82299 82351->82348 82353 ee7f42 std::system_error::system_error numpunct 82352->82353 82356 ef6950 82353->82356 82357 ef6961 Concurrency::details::ContextBase::GetWorkQueueIdentity 82356->82357 82362 ef2800 82357->82362 82359 ef6970 std::runtime_error::runtime_error 82360 ef6a70 std::system_error::system_error 27 API calls 82359->82360 82361 ee7f65 82360->82361 82361->81946 82363 ef2817 82362->82363 82364 ef2812 82362->82364 82363->82359 82366 ef63c0 27 API calls std::_Init_wcerr::_Init_wcerr 82364->82366 82366->82363 82368 f0263f 82367->82368 82371 f02710 82368->82371 82376 f49762 82371->82376 82373 f02728 82381 f0b110 82373->82381 82399 f751c1 43 API calls 2 library calls 82376->82399 82378 f49767 82379 f49770 82378->82379 82380 f49773 AreFileApisANSI 82378->82380 82379->82373 82380->82373 82383 f0b147 std::error_category::equivalent Concurrency::details::TaskStack::IsEmpty 82381->82383 82382 f0b214 82384 eeba40 ~ 26 API calls 82382->82384 82383->82382 82389 f0b175 std::error_category::equivalent 82383->82389 82400 ef63d0 46 API calls 2 library calls 82383->82400 82385 f0b23b 82384->82385 82387 f4bcfe 
__ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82385->82387 82388 f00c90 82387->82388 82388->81953 82401 f4977f MultiByteToWideChar GetLastError 82389->82401 82391 f0b1a0 82402 ef27c0 46 API calls 2 library calls 82391->82402 82393 f0b1b3 82403 f0fd70 82393->82403 82395 f0b1c7 std::error_category::equivalent 82407 f4977f MultiByteToWideChar GetLastError 82395->82407 82397 f0b201 82408 ef27c0 46 API calls 2 library calls 82397->82408 82399->82378 82400->82389 82401->82391 82402->82393 82404 f0fd81 std::ios_base::good 82403->82404 82406 f0fd8c 82404->82406 82409 f0de70 27 API calls 3 library calls 82404->82409 82406->82395 82407->82397 82408->82382 82409->82406 82419 eff4e0 82410->82419 82413 f0f610 82437 f10130 82413->82437 82415 f0f627 std::error_category::equivalent 82417 f0f642 82415->82417 82444 f0dfb0 82415->82444 82417->81958 82418->81959 82422 ee3b30 82419->82422 82427 f48cda 82422->82427 82425 ee3b53 82425->82413 82431 f4b2b2 82427->82431 82430 f6f9d6 43 API calls 3 library calls 82430->82425 82432 ee3b47 82431->82432 82433 f4b2dc 82431->82433 82432->82425 82432->82430 82433->82432 82434 f4b334 SetLastError 82433->82434 82435 f4b2f9 SwitchToThread 82433->82435 82436 f4b312 82433->82436 82434->82432 82435->82433 82436->82432 82436->82434 82447 ef39a0 82437->82447 82441 f10182 82442 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82441->82442 82443 f101ad 82442->82443 82443->82415 82445 eff4e0 std::generic_category 45 API calls 82444->82445 82446 f0dfc5 82445->82446 82446->82417 82448 ef39b8 82447->82448 82456 f49a22 82448->82456 82450 ef39d0 82451 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82450->82451 82452 ef3a0a 82451->82452 82453 ef5110 82452->82453 82454 eff4e0 std::generic_category 45 API calls 82453->82454 82455 ef5118 _Smanip 82454->82455 82455->82441 82459 f49a8c 82456->82459 82457 f49a90 82460 f4bcfe 
__ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82457->82460 82458 f49af5 82458->82457 82463 f49b44 82458->82463 82459->82457 82459->82458 82461 f49ad9 GetFileAttributesExW 82459->82461 82462 f49d5c 82460->82462 82461->82458 82464 f49aea GetLastError 82461->82464 82462->82450 82477 f49d65 CreateFileW GetLastError 82463->82477 82464->82457 82466 f49b63 82475 f49c98 82466->82475 82478 f495fb GetModuleHandleW GetProcAddress __crt_fast_encode_pointer 82466->82478 82469 f49d43 82469->82457 82470 f49c9f GetFileInformationByHandle 82471 f49cb2 82470->82471 82472 f49bc8 GetLastError 82470->82472 82474 f49cf4 FindFirstFileExW 82471->82474 82471->82475 82472->82475 82473 f49b8c 82473->82470 82473->82472 82473->82475 82474->82472 82476 f49d16 FindClose 82474->82476 82479 f49742 44 API calls pair 82475->82479 82476->82475 82477->82466 82478->82473 82479->82469 82481 efe711 Concurrency::details::ContextBase::GetWorkQueueIdentity 82480->82481 82482 efe71f 82481->82482 82483 efe739 82481->82483 82485 efe766 std::system_error::system_error 82481->82485 82487 eed930 82482->82487 82493 ee4e40 27 API calls 5 library calls 82483->82493 82485->82482 82494 ef2340 26 API calls 4 library calls 82485->82494 82495 ef6640 82487->82495 82490 eed970 82504 ef6720 82490->82504 82493->82482 82494->82482 82496 ef6651 Concurrency::details::ContextBase::GetWorkQueueIdentity std::runtime_error::runtime_error 82495->82496 82499 ef6750 82496->82499 82498 eed943 82498->82490 82500 ef6761 Concurrency::details::ContextBase::GetWorkQueueIdentity 82499->82500 82502 ef677b std::system_error::system_error std::runtime_error::runtime_error 82500->82502 82503 ee4f80 27 API calls 6 library calls 82500->82503 82502->82498 82503->82502 82505 ef6730 allocator char_traits 82504->82505 82506 ef6750 std::system_error::system_error 27 API calls 82505->82506 82507 eed983 82506->82507 82507->81970 82509 f026df 82508->82509 82510 f02710 49 API calls 82509->82510 82511 f019b0 82510->82511 
82511->81460 82513 f0dfb0 45 API calls 82512->82513 82514 f0e181 SafeSQueue std::ios_base::good 82513->82514 82533 efe790 82514->82533 82516 f0e1ac std::ios_base::good 82540 ef32b0 82516->82540 82518 f0e1dc 82519 f0e200 std::_Is_slash_oper::operator 82518->82519 82550 ef4fc0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 82518->82550 82543 f049e0 82519->82543 82522 f0e30f 82523 ef5110 std::make_error_code 45 API calls 82522->82523 82524 f0e32e 82523->82524 82525 eeba40 ~ 26 API calls 82524->82525 82527 f0e353 82525->82527 82526 f049e0 27 API calls 82529 f0e243 82526->82529 82528 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82527->82528 82530 f0e36c 82528->82530 82529->82522 82529->82526 82547 f499b9 CreateDirectoryW 82529->82547 82530->81983 82532->81984 82535 efe7a1 Concurrency::details::ContextBase::GetWorkQueueIdentity 82533->82535 82534 efe7af 82534->82516 82535->82534 82536 efe7c9 82535->82536 82537 efe7f6 std::_Winerror_message 82535->82537 82551 ee4bb0 27 API calls 7 library calls 82536->82551 82537->82534 82552 ef23e0 26 API calls 5 library calls 82537->82552 82553 ef32f0 82540->82553 82542 ef32cb 82542->82518 82544 f049f5 82543->82544 82558 f051c0 82544->82558 82548 f499d7 GetLastError 82547->82548 82549 f499cf 82547->82549 82548->82549 82549->82529 82550->82519 82551->82534 82552->82534 82554 ef3308 82553->82554 82556 ef3300 std::_Is_slash_oper::operator 82553->82556 82557 ef4300 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 82554->82557 82556->82542 82557->82556 82559 f051d6 allocator ctype 82558->82559 82562 f04120 82559->82562 82563 f04135 82562->82563 82566 f0fb70 82563->82566 82565 f0416d 82565->82529 82567 f0fb81 Concurrency::details::ContextBase::GetWorkQueueIdentity 82566->82567 82568 ef2800 27 API calls 82567->82568 82569 f0fb90 82568->82569 82571 f0fbab 
std::_Winerror_message numpunct 82569->82571 82572 f03d20 27 API calls 7 library calls 82569->82572 82571->82565 82572->82571 82575 ee3c38 82573->82575 82574 eeab60 74 API calls 82587 ee3c96 char_traits 82574->82587 82575->82574 82576 efef00 46 API calls 82577 ee3ec7 82576->82577 82578 eec8e0 74 API calls 82577->82578 82579 ee3edc 82578->82579 82580 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82579->82580 82583 ee1cfd 82580->82583 82581 ee3d5a 82588 ee3d9c char_traits 82581->82588 82589 eff1e0 82581->82589 82582 ee3cac std::ios_base::width 82582->82576 82583->81992 82586 eff0b0 70 API calls 82586->82588 82587->82581 82587->82582 82593 eff0b0 82587->82593 82588->82582 82588->82586 82590 eff20f 82589->82590 82597 f005e0 82590->82597 82591 eff215 82591->82588 82594 eff0c1 operator!= 82593->82594 82595 eff0d5 operator!= 82594->82595 82632 efda20 82594->82632 82595->82587 82598 f005f2 82597->82598 82600 f0060b std::system_error::system_error 82597->82600 82598->82591 82600->82598 82601 f6e258 82600->82601 82602 f6e282 82601->82602 82603 f6e266 82601->82603 82602->82598 82603->82602 82604 f6e272 82603->82604 82605 f6e288 82603->82605 82613 f6c962 20 API calls __dosmaperr 82604->82613 82610 f6e071 82605->82610 82608 f6e277 82614 f6c879 26 API calls _memcpy_s 82608->82614 82615 f6e020 82610->82615 82612 f6e095 82612->82602 82613->82608 82614->82602 82616 f6e02c __FrameHandler3::FrameUnwindToState 82615->82616 82623 f6d422 EnterCriticalSection 82616->82623 82618 f6e03a 82624 f6e099 82618->82624 82622 f6e058 __wsopen_s 82622->82612 82623->82618 82625 f7f08e 27 API calls 82624->82625 82626 f6e0ae 82625->82626 82627 f6e0df 67 API calls 82626->82627 82628 f6e0c9 82627->82628 82629 f7f143 67 API calls 82628->82629 82630 f6e047 82629->82630 82631 f6e065 LeaveCriticalSection _Fgetc 82630->82631 82631->82622 82635 efda39 char_traits 82632->82635 82633 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 
82634 efdc04 82633->82634 82634->82595 82636 efdace operator!= 82635->82636 82638 efdb16 codecvt operator!= 82635->82638 82641 efda53 operator!= char_traits 82635->82641 82644 ee39b0 82636->82644 82639 efdb6f 82638->82639 82640 efdb77 82638->82640 82638->82641 82639->82641 82642 ee39b0 _Fputc 28 API calls 82639->82642 82640->82641 82643 f6e258 70 API calls 82640->82643 82641->82633 82642->82641 82643->82641 82647 f6d8f4 82644->82647 82646 ee39c2 82646->82641 82648 f6d900 __FrameHandler3::FrameUnwindToState 82647->82648 82649 f6d926 82648->82649 82650 f6d90e 82648->82650 82665 f6d422 EnterCriticalSection 82649->82665 82666 f6c962 20 API calls __dosmaperr 82650->82666 82653 f6d930 82656 f6d9c6 _Fputc 82653->82656 82657 f7b5e8 _Fputc 26 API calls 82653->82657 82654 f6d913 82667 f6c879 26 API calls _memcpy_s 82654->82667 82670 f6d9f0 LeaveCriticalSection _Fgetc 82656->82670 82661 f6d949 82657->82661 82659 f6d91e @_EH4_CallFilterFunc@8 __wsopen_s 82659->82646 82660 f6d99e 82668 f6c962 20 API calls __dosmaperr 82660->82668 82661->82656 82661->82660 82663 f6d9a3 82669 f6c879 26 API calls _memcpy_s 82663->82669 82665->82653 82666->82654 82667->82659 82668->82663 82669->82659 82670->82659 82678 effe60 82671->82678 82673 ee5a9c 82682 efe2d0 82673->82682 82676 ef9220 74 API calls 82677 ee5ab0 82676->82677 82677->81518 82679 effe94 std::ios_base::getloc 82678->82679 82680 ee6080 81 API calls 82679->82680 82681 effead std::locale::~locale ctype 82680->82681 82681->82673 82683 eeab60 74 API calls 82682->82683 82684 efe315 82683->82684 82687 eff0b0 70 API calls 82684->82687 82692 efe32b char_traits 82684->82692 82685 efef00 46 API calls 82686 efe3e4 82685->82686 82688 eec8e0 74 API calls 82686->82688 82687->82692 82689 efe3f9 82688->82689 82690 f4bcfe __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 82689->82690 82691 ee5aa8 82690->82691 82691->82676 82692->82685 82694 f49dbb GetLastError 82693->82694 82696 f49db4 82693->82696 82695 f49dd1 _Yarn 

          Control-flow Graph

          [Graph not reproduced; legend: Executed / Not Executed. First basic block: f346d0-f34708]
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F347B7
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F347CD
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F348D0
          • std::make_error_code.LIBCPMTD ref: 00F34ADB
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F34C3F
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F34C4D
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Exception@8Throw$std::ios_base::failure::failurestd::make_error_code
          • String ID: FileSink: output stream not opened$FileStore: maximum seek offset exceeded$InputBinaryMode$InputFileName$InputFileNameWide$InputStreamPointer$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
          • API String ID: 2082275273-1625547482
          • Opcode ID: 5c7c31174de6dd63b8d190125ee1e8e3b09a53336ddff290b8f158555292c805
          • Instruction ID: f3d4d08d99dfdd68b963afd98c5ef78f61babce2414cc06ca83ed9b76aaa55ff
          • Opcode Fuzzy Hash: 5c7c31174de6dd63b8d190125ee1e8e3b09a53336ddff290b8f158555292c805
          • Instruction Fuzzy Hash: 1932BC71A002099FDB14DF68C881FAAB7E5FF88720F14852DE8169B392DB75F905DB90

          Control-flow Graph

          [Graph not reproduced; legend: Executed / Not Executed. First basic block: f8050e-f80536]
          APIs
          • _free.LIBCMT ref: 00F80590
          • _free.LIBCMT ref: 00F805B4
          • _free.LIBCMT ref: 00F8073B
          • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00FA721C), ref: 00F8074D
          • WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00F807C5
          • WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Summer Time,000000FF,?,0000003F,00000000,?), ref: 00F807F2
          • _free.LIBCMT ref: 00F80907
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: _free$ByteCharMultiWide$InformationTimeZone
          • String ID: Eastern Standard Time$Eastern Summer Time
          • API String ID: 314583886-239921721
          • Opcode ID: 364f9c26aa5517607d247cf6841a8ae484170ec6e38e4c5f32b7ed19aadfcde2
          • Instruction ID: 673756c15e3062ee17e1441917f132ca8a25ae54cefc68454bffab36a8579678
          • Opcode Fuzzy Hash: 364f9c26aa5517607d247cf6841a8ae484170ec6e38e4c5f32b7ed19aadfcde2
          • Instruction Fuzzy Hash: F2C12B71D04249AFDB20BF78CC41BEE7BA8EF81320F54416AE44497252EB358D49FB91

          Control-flow Graph

          APIs
          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,F58088C3,?,?,00000000), ref: 00F32F25
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00F8FFF8,000000FF,?,00F33620), ref: 00F32F2B
          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 00F32F3F
          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 00F32F50
          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00F8FFF8,000000FF), ref: 00F32F75
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F32FA4
          Strings
          Similarity
          • API ID: AcquireContextCrypt$ErrorLast$Exception@8Throw
          • String ID: CryptAcquireContext$Crypto++ RNG
          • API String ID: 297295237-1159690233
          • Opcode ID: f8f85487fcc0ad2780af812290c6acdbe2c7fa1f6dd2718fe5073f21e0c8bb8c
          • Instruction ID: 150ef24a3881c6a59e05949a81f7194b221b6d7cf9b5911873de82f7dfae4210
          • Opcode Fuzzy Hash: f8f85487fcc0ad2780af812290c6acdbe2c7fa1f6dd2718fe5073f21e0c8bb8c
          • Instruction Fuzzy Hash: 1A41B571A44749AFDB10DF65CC41F9AF7FCFB49B20F10462AF515A7280EBB4A9049B60
          APIs
          • CryptGenRandom.ADVAPI32(00000000,?,00000000,00000001), ref: 00F33630
          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00F3364F
            • Part of subcall function 00F33040: GetLastError.KERNEL32(00000010,F58088C3,7508FC30,?), ref: 00F33090
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F336BA
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          Strings
          Similarity
          • API ID: Crypt$ContextErrorExceptionException@8LastRaiseRandomReleaseThrow
          • String ID: CryptGenRandom
          • API String ID: 1600773198-3616286655
          • Opcode ID: 5253004c21e089a931adc3dc892b7e39f9c9113b27591fef0c148f7887dd1c21
          • Instruction ID: 6113506cd131fa5885f8940aba2af2a1ca6eeaabd9cf1f0e3c0212575a3454c4
          • Opcode Fuzzy Hash: 5253004c21e089a931adc3dc892b7e39f9c9113b27591fef0c148f7887dd1c21
          • Instruction Fuzzy Hash: 46419FB1904249EFDB10DFA5DC45F9EFBB8FF15720F10412AE815A7281EB74AA08DB61
          APIs
          • GetLogicalDriveStringsW.KERNELBASE(00000068,?,0000000C,F58088C3), ref: 00F07F0F
          • GetDriveTypeW.KERNELBASE(?,?,?), ref: 00F08008
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F081F5
          Similarity
          • API ID: Drive$Container_base12Container_base12::~_LogicalStringsTypestd::_
          • String ID:
          • API String ID: 537271169-0
          • Opcode ID: 320f0b89c83e755492bdf058d80074bd25267f77157d4f07acdaa40c5c4f86c1
          • Instruction ID: d83bd04d4ab1e4992a9a9a1dc3fed24a13349c1f8777dae4fa7f8ea80cf9a887
          • Opcode Fuzzy Hash: 320f0b89c83e755492bdf058d80074bd25267f77157d4f07acdaa40c5c4f86c1
          • Instruction Fuzzy Hash: B1910771900229DBCB24DB14CD91BEEB7B4BF58304F1081E9E54A67291EB706F99EF80
          Strings
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 681920d7e99563de1c3174b9181243e0f31066773bf3896a62ea7ca1bf14bee3
          • Instruction ID: f723d8ea7b40c7d74502aec78c94f9910685b9c0e0b7830cd57e9adadab80675
          • Opcode Fuzzy Hash: 681920d7e99563de1c3174b9181243e0f31066773bf3896a62ea7ca1bf14bee3
          • Instruction Fuzzy Hash: 41A23A74A00118DFCB18CF98E5A1ABDB7F1FB48310F25409DE586AB392C635AE55EF50
          APIs
          • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00F3352A
          Similarity
          • API ID: ContextCryptRelease
          • String ID:
          • API String ID: 829835001-0
          • Opcode ID: 1776f49a64aad000831f2909eb4a567ee2288e0b5a97aecc44b7f94cf23a95b7
          • Instruction ID: 043ae608c664f937cd79cf43fc29d207a8d1944540b2b0f7e96a4d48110154a8
          • Opcode Fuzzy Hash: 1776f49a64aad000831f2909eb4a567ee2288e0b5a97aecc44b7f94cf23a95b7
          • Instruction Fuzzy Hash: C8210872E042199BD720DF59ED4BF59B7E8EB44B34F04012AED0583380E775ED00A696

          Control-flow Graph

          APIs
            • Part of subcall function 00F0F5A0: Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00F0F5D8
          • operator!=.LIBCPMTD ref: 00F08A02
          Strings
          Similarity
          • API ID: Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedoperator!=
          • String ID: ID:$Data:$Date:$Mail:$ $%d-%m-%Y %H:%M:%S$C:\$C:\RSADecryptKey\ID.DAT$C:\RSADecryptKey\ID.DAT$C:\RSADecryptKey\ID.DAT$C:\RSADecryptKey\ID.dat$C:\RSADecryptKey\KEY.DAT$C:\RSADecryptKey\KEY.DAT$C:\RSADecryptKey\KEY.DAT$C:\RSADecryptKey\KEY.txt$C:\RSADecryptKey\Key.txt$C:\RSADecryptKey\Public.txt$C:\RSADecryptKey\Public.txt$C:\RSADecryptKey\Public.txt$C:\RSADecryptKey\Public.txt$DP8WG91XFS$I:\$MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA0dC+ob8iPEud5bPewH2vl6KgK178dv180rUpshPMI4G1c9eZtGRwrx1OdkiPp7ivSH92nixHBcVkRl6vHEH5xV0HjqazkekQkLiiDIVBKWhBZ2llA7d1Dt2MfAFIe7NQIgRDjMFRJ9Mfxgfr4AhCdkv8Av1DAUbf7Bmb/Mtxr9siyVJUeJITi8SmzXubMh2zkz0F6ppj2sDVzP+uo07MmIiQ$RSADecryptKey$RSADecryptKey$RSADecryptKey$RSADecryptKey\KEY.DAT$RSADecryptKey\KEY.DAT$\RSADecryptKey\KEY.DAT
          • API String ID: 156086389-2131334368
          • Opcode ID: 3de1c372109ae54fee2aac29aae69c03e4fa4833fff4227419316298fb1438cf
          • Instruction ID: 150d1c9fbcf1c8bd2475922811abfb47b488114d9340b1735522d59accc413a3
          • Opcode Fuzzy Hash: 3de1c372109ae54fee2aac29aae69c03e4fa4833fff4227419316298fb1438cf
          • Instruction Fuzzy Hash: F6033971D0429D9ADB25EB64CC51BEEB7B4AF14300F0481E9A24977282DBB46F88EF51

          Control-flow Graph

          APIs
            • Part of subcall function 00F07E90: GetLogicalDriveStringsW.KERNELBASE(00000068,?,0000000C,F58088C3), ref: 00F07F0F
            • Part of subcall function 00F07E90: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F081F5
            • Part of subcall function 00EE1D10: char_traits.LIBCPMTD ref: 00EE1D4D
          • FreeConsole.KERNEL32(?,?,?,?), ref: 00F10530
          • GetDriveTypeA.KERNEL32(00000000,00000000,00000004,?,?), ref: 00F105CA
          • operator!=.LIBCPMTD ref: 00F105E2
          • FreeConsole.KERNEL32(?,?), ref: 00F1112E
          • Concurrency::details::VirtualProcessor::IsAvailable.LIBCMTD ref: 00F11328
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F1168E
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F1169A
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116A6
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116D0
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116EB
          Strings
          Similarity
          • API ID: Container_base12Container_base12::~_std::_$ConsoleDriveFree$AvailableConcurrency::details::LogicalProcessor::StringsTypeVirtualchar_traitsoperator!=
          • String ID: *$1-Com2-dirChoose:$https://t.me/mamondec$mammoncomltd@gmail.com
          • API String ID: 3530596360-177152249
          • Opcode ID: f4743cdf740a05c2cc3b7546541724b964f288a1e4569a80bbae4867db1c944d
          • Instruction ID: cbf3b4c068deff9867ea21803c79c06973fd783bbb430d69865a0696ceda1eaf
          • Opcode Fuzzy Hash: f4743cdf740a05c2cc3b7546541724b964f288a1e4569a80bbae4867db1c944d
          • Instruction Fuzzy Hash: EE923571D0525CDBCB25EB64CC95BEEB7B4AF58300F5041E9A10A67292DB702F88EF91

          Control-flow Graph

          APIs
          • _strftime.LIBCMT ref: 00F094E5
            • Part of subcall function 00F05970: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F059B4
            • Part of subcall function 00EE2200: char_traits.LIBCPMTD ref: 00EE2243
            • Part of subcall function 00F05590: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F055DE
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::$_strftimechar_traits
          • String ID: ID:$Data:$Date:$Mail:$ $#$%d-%m-%Y %H:%M:%S$C:\RSADecryptKey\KEY.DAT$C:\RSADecryptKey\KEY.txt$C:\RSADecryptKey\Key.txt$DP8WG91XFS
          • API String ID: 2150282084-927231896
          • Opcode ID: d4d792bb511986a6d21f6b7d33ece4c961def5d72b9a4ae20fcc40cab4eaa796
          • Instruction ID: 669a02d0df1021865f1fe25fee9b131de7da424464db9ee066241ac063fa72e1
          • Opcode Fuzzy Hash: d4d792bb511986a6d21f6b7d33ece4c961def5d72b9a4ae20fcc40cab4eaa796
          • Instruction Fuzzy Hash: 33222871D0429C9ADB25EB54CC95BEDB7B4AF54300F0081E9E24977292DBB06F88DF51

          Control-flow Graph

          APIs
          • std::make_error_code.LIBCPMTD ref: 00F344D7
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F34639
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F34647
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Exception@8Throwstd::ios_base::failure::failurestd::make_error_code
          • String ID: OutputBinaryMode$OutputFileName$OutputFileNameWide$OutputStreamPointer$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
          • API String ID: 1223328998-481334218
          • Opcode ID: 72bcaa844a583c5c80d0a0515ae0acadb31ea00e9d8ab439453f2a3164e21fe8
          • Instruction ID: 86af6e75c6b6c527d56d10c2243dbe245dac827a437ce1bd161da5fdd215dba1
          • Opcode Fuzzy Hash: 72bcaa844a583c5c80d0a0515ae0acadb31ea00e9d8ab439453f2a3164e21fe8
          • Instruction Fuzzy Hash: 18C1FF71A003099FDB14CF68C981FAAB7E4FF44314F14856DE819AB292EB75FA05DB81

          Control-flow Graph

          APIs
            • Part of subcall function 00F8760C: CreateFileW.KERNELBASE(00000000,00000000,?,00F879E7,?,?,00000000,?,00F879E7,00000000,0000000C), ref: 00F87629
          • GetLastError.KERNEL32 ref: 00F87A52
          • __dosmaperr.LIBCMT ref: 00F87A59
          • GetFileType.KERNELBASE(00000000), ref: 00F87A65
          • GetLastError.KERNEL32 ref: 00F87A6F
          • __dosmaperr.LIBCMT ref: 00F87A78
          • CloseHandle.KERNEL32(00000000), ref: 00F87A98
          • CloseHandle.KERNEL32(?), ref: 00F87BE2
          • GetLastError.KERNEL32 ref: 00F87C14
          • __dosmaperr.LIBCMT ref: 00F87C1B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
          • String ID: H
          • API String ID: 4237864984-2852464175
          • Opcode ID: d5f67637dde11c2aa4b82f2b070e2332a1aca39ef4e2cfcd77eb95b9336b2002
          • Instruction ID: 9b960ca663a815e0175a703ca36124569090923e4107271e684e0721f626eb4f
          • Opcode Fuzzy Hash: d5f67637dde11c2aa4b82f2b070e2332a1aca39ef4e2cfcd77eb95b9336b2002
          • Instruction Fuzzy Hash: 5EA10832A082099FDF19BF78DC52BEE7BA1AB06320F240159F8519B3E1D735D912EB51

          Control-flow Graph

          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ea2446f680a635e25af1af8a24e0f159b84eae9d7235c16d4ee0705d5dd8303f
          • Instruction ID: 1d48eef5b47cfacdf24a2bfe1a5b678695586899162beffd824b148bb001922a
          • Opcode Fuzzy Hash: ea2446f680a635e25af1af8a24e0f159b84eae9d7235c16d4ee0705d5dd8303f
          • Instruction Fuzzy Hash: 26C1C775D04249AFDB11DFA8CC45BAD7FB4AF0E320F14848BE498A7392C7749941EB62

          Control-flow Graph

          Strings
          • ios_base::badbit set, xrefs: 00F3421D
          • FileSink: output stream not opened, xrefs: 00F342A4
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID: FileSink: output stream not opened$ios_base::badbit set
          • API String ID: 0-2369792863
          • Opcode ID: 2bf68932ff65b23880cc610b7960e0340a2258eda387996ccc8ab434e3fd6e3a
          • Instruction ID: 7ce37ca84748ba75f8c155d9876c38c341d45bc1b763a9471562a26b354d456c
          • Opcode Fuzzy Hash: 2bf68932ff65b23880cc610b7960e0340a2258eda387996ccc8ab434e3fd6e3a
          • Instruction Fuzzy Hash: A9918C71E047099FDB18DFA8C941BAEB7B4FF58720F00862EE815A7681DB35B950DB90

          Control-flow Graph

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: __cftoe
          • String ID: #=
          • API String ID: 4189289331-909207662
          • Opcode ID: 0ffc713ea65da4d72a33a16d85e0702763480409b2e953d9f9af18421d7367dd
          • Instruction ID: d0060f244cc7d5df56f0cdbefbe964d5831a2423c7b12f70e692c16615f9a8bb
          • Opcode Fuzzy Hash: 0ffc713ea65da4d72a33a16d85e0702763480409b2e953d9f9af18421d7367dd
          • Instruction Fuzzy Hash: F6513B32C00605ABDB249B68CC41FAE77A9EF49B30F54C21BF81DD2192DB75D901BA66

          Control-flow Graph

          APIs
          • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00FA721C), ref: 00F8074D
          • WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00F807C5
          • WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Summer Time,000000FF,?,0000003F,00000000,?), ref: 00F807F2
          • _free.LIBCMT ref: 00F8073B
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          • _free.LIBCMT ref: 00F80907
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
          • String ID: Eastern Standard Time$Eastern Summer Time
          • API String ID: 1286116820-239921721
          • Opcode ID: 3f1c184faf0c79958ad89fc276c5645e57319c8319c2254148ae0e96caa1cadb
          • Instruction ID: be8bdeaa0b140887750241d82f57d009e8ed593f7f4f5a121e98a168bd7b0a9d
          • Opcode Fuzzy Hash: 3f1c184faf0c79958ad89fc276c5645e57319c8319c2254148ae0e96caa1cadb
          • Instruction Fuzzy Hash: FF51D671D00209EBDB10EFA9DD42DEE77B8EF41320B50426AE455971A1EB349E45FB90

          Control-flow Graph

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: char_traits
          • String ID:
          • API String ID: 1158913984-3916222277
          • Opcode ID: 3506bf007627c0e697926483926f393d0e712733adb279870159a9c0692338d6
          • Instruction ID: 3090c08ff83036afd7708d103c2073be1a3f9f6947d9198d026a72ff7ddc3420
          • Opcode Fuzzy Hash: 3506bf007627c0e697926483926f393d0e712733adb279870159a9c0692338d6
          • Instruction Fuzzy Hash: 5551487190814CEFCF14EFE4D8819FDBBB6AF54304F04512AE602BB246EB31A945CB91

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
          • API String ID: 0-1866435925
          • Opcode ID: 77a113fde9bc4411c0f37a5e8d0c504b41ce82ade4051164416a8dad759a3717
          • Instruction ID: 155b43beed3476c68db5dfc43a7386c8718084151b10a10625d0ab7c567d79bb
          • Opcode Fuzzy Hash: 77a113fde9bc4411c0f37a5e8d0c504b41ce82ade4051164416a8dad759a3717
          • Instruction Fuzzy Hash: A1418872A002189FDB10DF59D981BAAB7F4FF48324F18806EE9069B761C775ED40DB90

          Control-flow Graph (legend: Executed / Not Executed; graph rendering not preserved, first block f34e10-f34e59)
          APIs
          • std::make_error_code.LIBCPMTD ref: 00F34F5A
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F34F67
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F34F75
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Exception@8Throwstd::ios_base::failure::failurestd::make_error_code
          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
          • API String ID: 1223328998-1866435925
          • Opcode ID: 33f3361c5b42c9867b0ae3f24bbd61e7bf4cd0883b2a5b5098a935049eb3c7d3
          • Instruction ID: 1db970f5e3a259394dfca2bebdd15ec00e784572bfef04e56efd53c554cd07cb
          • Opcode Fuzzy Hash: 33f3361c5b42c9867b0ae3f24bbd61e7bf4cd0883b2a5b5098a935049eb3c7d3
          • Instruction Fuzzy Hash: 7941BD76A002049FDB10CF69C581B99B7F4FF48328F2882ADE4169B791C771ED44DB90
          APIs
          • __allrem.LIBCMT ref: 00F73478
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F73494
          • __allrem.LIBCMT ref: 00F734AB
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F734C9
          • __allrem.LIBCMT ref: 00F734E0
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F734FE
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
          • String ID:
          • API String ID: 1992179935-0
          • Opcode ID: a77e04eae13f337b5024c1669fd718388e8668834d07a787b6af0674abc8c966
          • Instruction ID: 41e1dfaa950d512af23662f20a7b7c10457fc931ad98f9bf5989731c8480cf2e
          • Opcode Fuzzy Hash: a77e04eae13f337b5024c1669fd718388e8668834d07a787b6af0674abc8c966
          • Instruction Fuzzy Hash: C481DA72A00716BBE724AE79CC41B6A73A9AF41730F14C12BF459D7281EB74DB00B752
          APIs
          • std::ios_base::good.LIBCPMTD ref: 00F0CFBF
          • std::ios_base::getloc.LIBCPMTD ref: 00F0D036
          • std::locale::~locale.LIBCPMTD ref: 00F0D064
          • char_traits.LIBCPMTD ref: 00F0D0CC
          • std::ios_base::good.LIBCPMTD ref: 00F0D162
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: std::ios_base::good$char_traitsstd::ios_base::getlocstd::locale::~locale
          • String ID:
          • API String ID: 2604327947-0
          • Opcode ID: 876922d1c7ecb1d4bff2e5b3379ec2d179d936b6cba8994b28358a965320f262
          • Instruction ID: 2888a532ceb5c758d755861307f20af4d12f333d2556de45c3d4fea2688cc9d6
          • Opcode Fuzzy Hash: 876922d1c7ecb1d4bff2e5b3379ec2d179d936b6cba8994b28358a965320f262
          • Instruction Fuzzy Hash: 0C613CB5E00109DFDB04DFA4C891ABEF7B1BF48304F148259E915AB396DB35AD06EB90
          APIs
          • std::ios_base::good.LIBCPMTD ref: 00F0D1EF
          • std::ios_base::getloc.LIBCPMTD ref: 00F0D266
          • std::locale::~locale.LIBCPMTD ref: 00F0D294
          • char_traits.LIBCPMTD ref: 00F0D303
          • std::ios_base::good.LIBCPMTD ref: 00F0D399
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: std::ios_base::good$char_traitsstd::ios_base::getlocstd::locale::~locale
          • String ID:
          • API String ID: 2604327947-0
          • Opcode ID: 2036ed6e9a28bf745a522c83c9fc605b65e2ae1998a0b6b1cfc9771ca10d527f
          • Instruction ID: 2359c6119f23f7231458f6b4aa1f3996057dfb4e6b46d9e2204bbab6ec4586f2
          • Opcode Fuzzy Hash: 2036ed6e9a28bf745a522c83c9fc605b65e2ae1998a0b6b1cfc9771ca10d527f
          • Instruction Fuzzy Hash: 8A614DB4E002099FCB04DFA4D891ABEF7B1FF88304F148159E9116B396DB35AD06EB91
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00EE632D
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00EE6355
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00EE6390
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EE639E
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE641D
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: c7632c942ae6ccfae2f7a41212ad578bb2deedac1707dd5d559537141122c1d8
          • Instruction ID: fd1f5b86e8fb9234202b607b3691f38dace7edb5b2ff849b4374e933e0149927
          • Opcode Fuzzy Hash: c7632c942ae6ccfae2f7a41212ad578bb2deedac1707dd5d559537141122c1d8
          • Instruction Fuzzy Hash: FA41E874D0024DDFCB04EFA5D991AEEB7B0BF58710F108169E92277291DB346A05DFA1
          APIs
          • std::ios_base::getloc.LIBCPMTD ref: 00F01AD7
            • Part of subcall function 00EF9450: std::locale::locale.LIBCPMTD ref: 00EF946A
            • Part of subcall function 00EE61C0: std::_Lockit::_Lockit.LIBCPMT ref: 00EE61ED
            • Part of subcall function 00EE61C0: std::locale::_Getfacet.LIBCPMTD ref: 00EE6215
            • Part of subcall function 00EE61C0: std::_Lockit::~_Lockit.LIBCPMT ref: 00EE62DD
          • std::locale::~locale.LIBCPMTD ref: 00F01AFF
          • char_traits.LIBCPMTD ref: 00F01BFC
          • std::ios_base::width.LIBCPMTD ref: 00F01CA9
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Lockitstd::_$GetfacetLockit::_Lockit::~_char_traitsstd::ios_base::getlocstd::ios_base::widthstd::locale::_std::locale::localestd::locale::~locale
          • String ID:
          • API String ID: 2839838247-0
          • Opcode ID: fd46ae5afabf73ca28f0c8a49c65dc7db940ff20f9c8ebf989ce919f703941c7
          • Instruction ID: 2d5a092971d35d8b1a2ade0e7a746cef43666a81cfc67beec9544784b21ec6f3
          • Opcode Fuzzy Hash: fd46ae5afabf73ca28f0c8a49c65dc7db940ff20f9c8ebf989ce919f703941c7
          • Instruction Fuzzy Hash: 5F911C74D01248DFDB04DF94C891BEEBBB1FF48314F248119E90AAB391DB34AA45EB90
          APIs
            • Part of subcall function 00F7F17C: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F8172E,?,00000000,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7F1AE
          • _free.LIBCMT ref: 00F790F5
          • _free.LIBCMT ref: 00F7910C
          • _free.LIBCMT ref: 00F7912B
          • _free.LIBCMT ref: 00F79146
          • _free.LIBCMT ref: 00F7915D
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: _free$AllocateHeap
          • String ID:
          • API String ID: 3033488037-0
          • Opcode ID: 3adb6bd148579c87042e0715205506368875762f6034f6c1fbeb6d9331a3d16a
          • Instruction ID: 00b7c5db02d515843b9fd44cd0812a3e8ee6969c5cdcd150389bc9be4a9eb20f
          • Opcode Fuzzy Hash: 3adb6bd148579c87042e0715205506368875762f6034f6c1fbeb6d9331a3d16a
          • Instruction Fuzzy Hash: F7510272A04305AFDB20DF29CC41B6A77F5EF49720B14856AE80DD72A0E7B5D901EB42
          APIs
          • operator!=.LIBCPMTD ref: 00F08CDB
            • Part of subcall function 00F100B0: ___std_fs_space@16.LIBCPMT ref: 00F100D5
          • __aulldiv.LIBCMT ref: 00F08E03
            • Part of subcall function 00F01E10: char_traits.LIBCPMTD ref: 00F01E5D
            • Part of subcall function 00F0F5A0: Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00F0F5D8
          • Concurrency::details::SchedulerBase::HasSearchers.LIBCONCRTD ref: 00F09193
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Base::Concurrency::details::$ChoresGroupScheduleSchedulerSearchersSegmentUnrealized___std_fs_space@16__aulldivchar_traitsoperator!=
          • String ID: RSADecryptKey$RSADecryptKey\KEY.DAT
          • API String ID: 714118446-1337536221
          • Opcode ID: 6fdddc168724b9c0b37e582b4d8d833a2b04c1b3e4fc2b1f2e6d152a17e5768e
          • Instruction ID: 51545aa200b045fe565ba454ab31db7e9a3ce25a06b4a30c96d2f4b9a8212c1d
          • Opcode Fuzzy Hash: 6fdddc168724b9c0b37e582b4d8d833a2b04c1b3e4fc2b1f2e6d152a17e5768e
          • Instruction Fuzzy Hash: 0A812975C0426C9ADB28DB24CC90BEDBBB4AF48300F1480E9E24DA7282DB715F85EF51
          APIs
          • CloseHandle.KERNELBASE(00000000,00000000,00F48FDB,?,00F7D4AB,00F48FDB,00FC17B8,0000000C), ref: 00F7D5E3
          • GetLastError.KERNEL32(?,00F7D4AB,00F48FDB,00FC17B8,0000000C), ref: 00F7D5ED
          • __dosmaperr.LIBCMT ref: 00F7D618
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: CloseErrorHandleLast__dosmaperr
          • String ID: ~z
          • API String ID: 2583163307-3328201640
          • Opcode ID: afc37d59269b2b862d08ca6a6d72f75ac402de9340aa6063025987a33122d427
          • Instruction ID: 66e517f8acd28b7ddff31513d6734919a5c714cefbc54c3c1d3ab214755616de
          • Opcode Fuzzy Hash: afc37d59269b2b862d08ca6a6d72f75ac402de9340aa6063025987a33122d427
          • Instruction Fuzzy Hash: F9012B33E041341BD6293774AC46B7E7B6A8F82738F69411BF91C8B1D1DE649D81B292
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: char_traits$std::ios_base::width
          • String ID:
          • API String ID: 735177774-0
          • Opcode ID: fdf8da1dcd0518893f9a9998f691a096d413b456fe7557565a3e7e810fd489ad
          • Instruction ID: 219b3134d77ba9544ec57d17a205d583266ef4f1cb57cbd0d36b3248cfcf7e91
          • Opcode Fuzzy Hash: fdf8da1dcd0518893f9a9998f691a096d413b456fe7557565a3e7e810fd489ad
          • Instruction Fuzzy Hash: 1CC1E374A0025C9FDB14DFA9C891BEDBBB2BF48304F149159E909BB351CB34A981CF94
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F12AD7
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Exception@8Throw
          • String ID:
          • API String ID: 2005118841-0
          • Opcode ID: bcfcfd16b5384de912fb38de9f24c6db6719e8f344608ad7f7488c3f14d1d10b
          • Instruction ID: f1493d5375ae1af445cea07b084f00dfae439ffbd17ba9d1352065fac00eeb8b
          • Opcode Fuzzy Hash: bcfcfd16b5384de912fb38de9f24c6db6719e8f344608ad7f7488c3f14d1d10b
          • Instruction Fuzzy Hash: C4714B72904248EFCB04DF94D945FDEBBB8FB08710F004A6AF911A7681DB38EA54DB91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00EF3E8F
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00EF3E98
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • ctype.LIBCPMTD ref: 00EF3EC2
            • Part of subcall function 00EE8700: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00EE872D
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00EF3EFE
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_Topology$Concurrency::details::Core::Exception@8GlobalLocinfo::~_Locinfo_ctorLockitLockit::_ObjectObject::Throwctypestd::bad_exception::bad_exceptionstd::locale::c_str
          • String ID:
          • API String ID: 1157453502-0
          • Opcode ID: b59892f9bfae61d2e73b14e01e0d70202461122276936b43abf443b302eeb8ce
          • Instruction ID: 93692177556eb7c08a6a73fa7a64bc7755c4bb51c0bcc3bf69d5ba76d63f6fea
          • Opcode Fuzzy Hash: b59892f9bfae61d2e73b14e01e0d70202461122276936b43abf443b302eeb8ce
          • Instruction Fuzzy Hash: AA31D5B1D0420DDBDB04DF98C941BEEBBB1FB48314F208269E525BB390D7756A44CB91
          APIs
          • operator!=.LIBCPMTD ref: 00F08A02
            • Part of subcall function 00F01E10: char_traits.LIBCPMTD ref: 00F01E5D
            • Part of subcall function 00F0F5A0: Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00F0F5D8
          • operator!=.LIBCPMTD ref: 00F08CDB
          • __aulldiv.LIBCMT ref: 00F08E03
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: operator!=$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealized__aulldivchar_traits
          • String ID: RSADecryptKey$RSADecryptKey
          • API String ID: 645171590-2986990275
          • Opcode ID: cd46b80e3aa98599e346f919a78b3465bd2598a38dee5dc8f83953ada2f910ed
          • Instruction ID: e44ac909212baa519adc2e8e975714bcd65e1d03e26ad10c07c522c4998623b1
          • Opcode Fuzzy Hash: cd46b80e3aa98599e346f919a78b3465bd2598a38dee5dc8f83953ada2f910ed
          • Instruction Fuzzy Hash: 9B517271C042AC9ADB25DB24CC41BEEB7B46F14340F1485E9A189B71C2EBB45F88EF61
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F16D68
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: ExceptionException@8RaiseThrow
          • String ID: AAD$AuthenticatedEncryptionFilter
          APIs
          Similarity
          • API ID: char_traits$std::ios_base::width
          • String ID:
          APIs
            • Part of subcall function 00F0DFB0: std::generic_category.LIBCPMTD ref: 00F0DFC0
          • std::_Is_slash_oper::operator.LIBCPMTD ref: 00F0E21E
          • ___std_fs_create_directory@4.LIBCPMT ref: 00F0E2BC
          • std::make_error_code.LIBCPMTD ref: 00F0E329
          Similarity
          • API ID: Is_slash_oper::operator___std_fs_create_directory@4std::_std::generic_categorystd::make_error_code
          • String ID:
          APIs
          • _free.LIBCMT ref: 00F808B1
          • _free.LIBCMT ref: 00F80907
            • Part of subcall function 00F806E3: _free.LIBCMT ref: 00F8073B
            • Part of subcall function 00F806E3: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00FA721C), ref: 00F8074D
            • Part of subcall function 00F806E3: WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00F807C5
            • Part of subcall function 00F806E3: WideCharToMultiByte.KERNEL32(00000000,00000000,Eastern Summer Time,000000FF,?,0000003F,00000000,?), ref: 00F807F2
          Similarity
          • API ID: _free$ByteCharMultiWide$InformationTimeZone
          • String ID:
          APIs
          • SetFilePointerEx.KERNELBASE(00000000,00000000,00F49005,00000000,00000002,00F49005,00000000,?,?,?,00F7F089,00000000,00000000,00F49005,00000002), ref: 00F7F013
          • GetLastError.KERNEL32(?,00F7F089,00000000,00000000,00F49005,00000002,?,00F6DEA1,?,00000000,00000000,00000001,?,00F49005,?,00F6DF56), ref: 00F7F01D
          • __dosmaperr.LIBCMT ref: 00F7F024
          Similarity
          • API ID: ErrorFileLastPointer__dosmaperr
          • String ID:
          APIs
          • DeleteFileW.KERNELBASE(00EFA17E,?,00EFA17E,00000000), ref: 00F6D289
          • GetLastError.KERNEL32(?,00EFA17E,00000000), ref: 00F6D293
          • __dosmaperr.LIBCMT ref: 00F6D29A
          Similarity
          • API ID: DeleteErrorFileLast__dosmaperr
          • String ID:
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F18789
          Strings
          • FilterWithBufferedInput, xrefs: 00F18760
          Similarity
          • API ID: Exception@8Throw
          • String ID: FilterWithBufferedInput
          APIs
          • ___std_fs_space@16.LIBCPMT ref: 00F100D5
            • Part of subcall function 00F49D99: GetDiskFreeSpaceExW.KERNELBASE(?,?,00000000,00F100DA,?,?,00F100DA,00000000,?,?,?), ref: 00F49DAA
            • Part of subcall function 00EF5CB0: std::make_error_code.LIBCPMTD ref: 00EF5CF4
            • Part of subcall function 00EF5CB0: __CxxThrowException@8.LIBVCRUNTIME ref: 00EF5D41
          Strings
          Similarity
          • API ID: DiskException@8FreeSpaceThrow___std_fs_space@16std::make_error_code
          • String ID: space
          APIs
            • Part of subcall function 00F06A40: std::generic_category.LIBCPMTD ref: 00F06A50
            • Part of subcall function 00F0E150: std::_Is_slash_oper::operator.LIBCPMTD ref: 00F0E21E
          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00F0E118
            • Part of subcall function 00F0D8D0: __CxxThrowException@8.LIBVCRUNTIME ref: 00F0D954
          Strings
          Similarity
          • API ID: Base::ChoresConcurrency::details::Exception@8GroupIs_slash_oper::operatorScheduleSegmentThrowUnrealizedstd::_std::generic_category
          • String ID: create_directories
          APIs
          Strings
          Similarity
          • API ID: _abort
          • String ID: SystemFunction036
          APIs
          Similarity
          • API ID: Fgetc
          • String ID:
          APIs
          Similarity
          • API ID: Fgetc
          • String ID:
          APIs
            • Part of subcall function 00EEAB60: std::ios_base::good.LIBCPMTD ref: 00EEABA4
            • Part of subcall function 00EEAB60: std::ios_base::good.LIBCPMTD ref: 00EEAC01
          • std::ios_base::getloc.LIBCPMTD ref: 00EECBD8
            • Part of subcall function 00EF9450: std::locale::locale.LIBCPMTD ref: 00EF946A
            • Part of subcall function 00EE6300: std::_Lockit::_Lockit.LIBCPMT ref: 00EE632D
            • Part of subcall function 00EE6300: std::locale::_Getfacet.LIBCPMTD ref: 00EE6355
            • Part of subcall function 00EE6300: std::_Lockit::~_Lockit.LIBCPMT ref: 00EE641D
          • std::locale::~locale.LIBCPMTD ref: 00EECC00
          Similarity
          • API ID: Lockitstd::_std::ios_base::good$GetfacetLockit::_Lockit::~_std::ios_base::getlocstd::locale::_std::locale::localestd::locale::~locale
          • String ID:
          APIs
          • std::ios_base::getloc.LIBCPMTD ref: 00F0242A
            • Part of subcall function 00EF9450: std::locale::locale.LIBCPMTD ref: 00EF946A
            • Part of subcall function 00F05220: std::_Lockit::_Lockit.LIBCPMT ref: 00F0524D
            • Part of subcall function 00F05220: std::locale::_Getfacet.LIBCPMTD ref: 00F05275
            • Part of subcall function 00F05220: std::_Lockit::~_Lockit.LIBCPMT ref: 00F0533D
          • std::locale::~locale.LIBCPMTD ref: 00F0249C
          Similarity
          • API ID: Lockitstd::_$GetfacetLockit::_Lockit::~_std::ios_base::getlocstd::locale::_std::locale::localestd::locale::~locale
          • String ID:
          • API String ID: 1936111737-0
          • Opcode ID: 9df260e4933eefc416e871fc2edaafaccce45dc11e5cc525ade01a3cc754c483
          • Instruction ID: 49f96a5e392d3bb82572216844ce850d2a3d8072528b39a907dc3f044a2685fb
          • Opcode Fuzzy Hash: 9df260e4933eefc416e871fc2edaafaccce45dc11e5cc525ade01a3cc754c483
          • Instruction Fuzzy Hash: F54102B5E00208AFCB04DF98D995AEEBBF5EF48300F208159E505BB391DB356E04DBA1
          APIs
          Similarity
          • API ID: char_traitsctypestd::ios_base::width
          • String ID:
          • API String ID: 2148534577-0
          • Opcode ID: 1c5c1fa949507642637a5ac55fffc6af5f0820b55b3ef04ff3aea8e780bee766
          • Instruction ID: 2494dbde35451d709f066c7cfac404ef3e873c93b3a4f3948c38b777dae44b99
          • Opcode Fuzzy Hash: 1c5c1fa949507642637a5ac55fffc6af5f0820b55b3ef04ff3aea8e780bee766
          • Instruction Fuzzy Hash: 42312B75E00208DFDB04DF94C991BEDBBB2FF88314F109159E9066B395DB31A941EB90
          APIs
          Similarity
          • API ID: char_traitsctypestd::ios_base::width
          • String ID:
          • API String ID: 2148534577-0
          • Opcode ID: 891854510b1d68451f8be6d3565d6715344ace5948491dfb4dd7a23fb0fbec08
          • Instruction ID: 2494dbde35451d709f066c7cfac404ef3e873c93b3a4f3948c38b777dae44b99
          • Opcode Fuzzy Hash: 891854510b1d68451f8be6d3565d6715344ace5948491dfb4dd7a23fb0fbec08
          • Instruction Fuzzy Hash: 42312B75E00208DFDB04DF94C991BEDBBB2FF88314F109159E9066B395DB31A941EB90
          APIs
          • WriteFile.KERNELBASE(7408458B,?,?,?,00000000,?,00F6DF7D,E0830C40,?,00F7DF2A,00F49005,00F6DF7D,?,00F6DF7D,00F6DF7D,00F49005), ref: 00F7DA89
          • GetLastError.KERNEL32(?,00F7DF2A,00F49005,00F6DF7D,?,00F6DF7D,00F6DF7D,00F49005,00F6DF7D,?,00FC17F8,00000014,00F6D57F,00000000,8304488B,00F49005), ref: 00F7DAB2
          Similarity
          • API ID: ErrorFileLastWrite
          • String ID:
          • API String ID: 442123175-0
          • Opcode ID: 9fcc6f65ff0428f90b8fa7a6661c5c98418f7f5ce486e5c4a5fb4d2600d77009
          • Instruction ID: 8d1ba798c2c6d3e5dd7aa6795d19ce7514effd1e8bf2bd493bd51020dccd9aea
          • Opcode Fuzzy Hash: 9fcc6f65ff0428f90b8fa7a6661c5c98418f7f5ce486e5c4a5fb4d2600d77009
          • Instruction Fuzzy Hash: 7D21CE35A002199FDB15CF19CD80BE9B3F9FF48301F1044AAE94AD3252D774AE82DB60
          APIs
          Similarity
          • API ID: Xfsopenstd::_
          • String ID:
          • API String ID: 2914972069-0
          • Opcode ID: 5fd760711497ba18b6ff248288de4e74c8fc52d0b3a92772dec83effb7234553
          • Instruction ID: 07e9316bb1d976826cf5c346be309bd34cdbb8840addd07dff87923219d8d46f
          • Opcode Fuzzy Hash: 5fd760711497ba18b6ff248288de4e74c8fc52d0b3a92772dec83effb7234553
          • Instruction Fuzzy Hash: C711A032F4421527DB2505689C02BBF3E879B417F0F184034FE4695199EEB9DC57B6D1
          APIs
          • GetStdHandle.KERNEL32(000000F6), ref: 00F7BA63
          • GetFileType.KERNELBASE(00000000), ref: 00F7BA75
          Similarity
          • API ID: FileHandleType
          • String ID:
          • API String ID: 3000768030-0
          • Opcode ID: 0d248f498102d9bbfa90d7f714cc4eb3b3c7e57bbbce549e6f0d7a70c9aac6cd
          • Instruction ID: b473377b102450ee084e7f513f43ec48fb1b758ab695c89513669c489dbbdf11
          • Opcode Fuzzy Hash: 0d248f498102d9bbfa90d7f714cc4eb3b3c7e57bbbce549e6f0d7a70c9aac6cd
          • Instruction Fuzzy Hash: C811937290874246E730AE3D8C887227A959B57330B38471BD9BA865F1C739DD81B242
          APIs
          • GetProcAddress.KERNELBASE(00000000,?), ref: 00F7CA2C
          • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F7CA39
          Similarity
          • API ID: AddressProc__crt_fast_encode_pointer
          • String ID:
          • API String ID: 2279764990-0
          • Opcode ID: 913328ef1baf631b3d2110c04c14df7b07eb4ec17e942c55045747a743b310a7
          • Instruction ID: 267a45618ab94f3522fb2167c11c3f2d1b016647587e86385d3ad3c584eec383
          • Opcode Fuzzy Hash: 913328ef1baf631b3d2110c04c14df7b07eb4ec17e942c55045747a743b310a7
          • Instruction Fuzzy Hash: 2E113A33E0012D9FAB21CE1DEC6199A77A5AB80B70716C226FD1DAB244DA34DD01B7D2
          APIs
          Similarity
          • API ID: Min_value_memcpy_s
          • String ID:
          • API String ID: 987025274-0
          • Opcode ID: ee4d29d71be83b1b8f24faf267757a4d65b499c4ac26a4c53aebad6b7f5895f7
          • Instruction ID: eda4f2e8993fe8eeb72f081a7fc20d62d02c4f55a486bf93fc8db7c855cdccfb
          • Opcode Fuzzy Hash: ee4d29d71be83b1b8f24faf267757a4d65b499c4ac26a4c53aebad6b7f5895f7
          • Instruction Fuzzy Hash: 5A210A7160014DABCB04DFA9D895EEF77B9BF48304F109158FA19AB291D730EE51DBA0
          APIs
          • __fread_nolock.LIBCMT ref: 00F002EF
            • Part of subcall function 00F00350: char_traits.LIBCPMTD ref: 00F0042E
          Similarity
          • API ID: __fread_nolockchar_traits
          • String ID:
          • API String ID: 2781282191-0
          • Opcode ID: c548c18eadb1d477cc35eaeee2e954bb5f0b3f15899cd15cc27e2c56b382713d
          • Instruction ID: 16b01b11c67e16ff89643d4ee62e30c17bd5f17ad8ee3897ce3f9869d0b0764c
          • Opcode Fuzzy Hash: c548c18eadb1d477cc35eaeee2e954bb5f0b3f15899cd15cc27e2c56b382713d
          • Instruction Fuzzy Hash: D341A475D0024CEFCB04DF98C995BAEB7B1FB88310F10C569E92997291DB74AA54EF40
          APIs
          • GetDriveTypeW.KERNELBASE(?,?,?), ref: 00F08008
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F081F5
          Similarity
          • API ID: Container_base12Container_base12::~_DriveTypestd::_
          • String ID:
          • API String ID: 563330359-0
          • Opcode ID: c2b7ccf106d7622343306ec6b4809d1c9d4a4aad675ecaf5f55c60e119ae79a1
          • Instruction ID: 9c128315566ec47d45514952f449ae14a3de42e1a9775333c66e711f44415f3d
          • Opcode Fuzzy Hash: c2b7ccf106d7622343306ec6b4809d1c9d4a4aad675ecaf5f55c60e119ae79a1
          • Instruction Fuzzy Hash: D241D271800269CBCB68DB54CD90BEEB7B1AF99304F1081D9D18A6B291DA706FD5EF80
          APIs
            • Part of subcall function 00EEAB60: std::ios_base::good.LIBCPMTD ref: 00EEABA4
            • Part of subcall function 00EEAB60: std::ios_base::good.LIBCPMTD ref: 00EEAC01
          • char_traits.LIBCPMTD ref: 00EFE37E
          Similarity
          • API ID: std::ios_base::good$char_traits
          • String ID:
          • API String ID: 1812610724-0
          • Opcode ID: f3eb6433d42e521276c584a08309900caf4f192572293c57bc32ee7c1f1d586d
          • Instruction ID: ada3f53e3dc139a9520b8ed3576314bd216ad24ee916f9f1f97d1da640f503e0
          • Opcode Fuzzy Hash: f3eb6433d42e521276c584a08309900caf4f192572293c57bc32ee7c1f1d586d
          • Instruction Fuzzy Hash: 1741F5B1D0121C9FDB04DF95D991AEEBBF5FB48300F209269E502B7391DB35AA01CBA0
          APIs
          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F055DE
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::
          • String ID:
          • API String ID: 3936482309-0
          • Opcode ID: 08d05784ceb3b23bd1a61bf72286d87c1392d94c1bbc9f21029e0a3822a96a64
          • Instruction ID: 2b4c2aab31583ed398e2bc19328795664ca00cdfb343eab1b15f7c843bf59b00
          • Opcode Fuzzy Hash: 08d05784ceb3b23bd1a61bf72286d87c1392d94c1bbc9f21029e0a3822a96a64
          • Instruction Fuzzy Hash: 3631F6B4A0021ADFDB04DF88CD95BAEB7B1FF88704F148A58E5216B396C775AD01DB90
          APIs
          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F056F4
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::
          • String ID:
          • API String ID: 3936482309-0
          • Opcode ID: d453129fd425a8e92367856d37deff3c8f4a743dd05a3e1a13a0754bc5ff0f6b
          • Instruction ID: 72dd6115b3351e8bafbd41bfd7f6d7a8073d33bc1aa6dea6a2e7126a1ea0c3b8
          • Opcode Fuzzy Hash: d453129fd425a8e92367856d37deff3c8f4a743dd05a3e1a13a0754bc5ff0f6b
          • Instruction Fuzzy Hash: EC31E7B4A0021ADFDB04DF98CD91BAFB7B1FF88704F148559E525AB391C771A900DB90
          APIs
          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F059B4
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::
          • String ID:
          • API String ID: 3936482309-0
          • Opcode ID: f2292f6e31471d4c6d6d52ca0efe2f048c2a314670a543129edffebbc10a5953
          • Instruction ID: 8b22310d5c9852cbd354bd7224d0c526d6e18b20b6827d4fc4e271c89972f3a7
          • Opcode Fuzzy Hash: f2292f6e31471d4c6d6d52ca0efe2f048c2a314670a543129edffebbc10a5953
          • Instruction Fuzzy Hash: D331E6B4A0425ADFDB04CF98C991BAEB7B1FF48704F108659E522AB391C775A900DB91
          APIs
          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F05B24
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::
          • String ID:
          • API String ID: 3936482309-0
          • Opcode ID: eecf306fa865de4da4df31ad09da268a3ac90aca9cb0aa2c46ef8c853dc6c691
          • Instruction ID: 2bae5733ed4b30e825149f06951fe16561d6b26c9a1cc93892061051c96fbbb2
          • Opcode Fuzzy Hash: eecf306fa865de4da4df31ad09da268a3ac90aca9cb0aa2c46ef8c853dc6c691
          • Instruction Fuzzy Hash: EA3105B4A0425ADFDB04CF98C991BAEB7B1FF89704F108658E522AB391C775AD00CB90
          APIs
          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EE79E4
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::
          • String ID:
          • API String ID: 3936482309-0
          • Opcode ID: 286afe6bae9fa1a64e2a07159080f233a531b997fa63c5d28e10c5ab41356731
          • Instruction ID: 623e07e6cb65a29eb4b2e6e3434da9e0e48d37f7ceef6d2ed52209b0c3c99007
          • Opcode Fuzzy Hash: 286afe6bae9fa1a64e2a07159080f233a531b997fa63c5d28e10c5ab41356731
          • Instruction Fuzzy Hash: 4631E6B4A0425ADFDB04CF98D991BAEB7B1FF48704F108659E526AB391D771AD00CB90
          APIs
          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EE7AF4
          Similarity
          • API ID: ProcessorVirtual$Concurrency::RootRoot::
          • String ID:
          • API String ID: 3936482309-0
          • Opcode ID: 5426760d41f6dab3e0efbe81cb3b5de03a3b5559b222b6e086f165260522d00c
          • Instruction ID: 548dffc0aec77405da4c1d0618ffded5c59e4f24f5c68487f66d887c5544c01e
          • Opcode Fuzzy Hash: 5426760d41f6dab3e0efbe81cb3b5de03a3b5559b222b6e086f165260522d00c
          • Instruction Fuzzy Hash: 4131E6B4A0425ADFDB04DF98C991BAEBBB1FF89704F108659E516AB391C771AD00CB90
          APIs
          • @_EH4_CallFilterFunc@8.LIBCMT ref: 00F6D9B9
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: CallFilterFunc@8
          • String ID:
          • API String ID: 4062629308-0
          • Opcode ID: 6b6c3dd501d43349d3a758951c68625936c4f95125eafbf5b43f4d37b090cb2b
          • Instruction ID: 0ae2ef18f6c7d5f2dc3b27bd95d6dfbebdb7bb574c4e85b6873407deb71bbb27
          • Opcode Fuzzy Hash: 6b6c3dd501d43349d3a758951c68625936c4f95125eafbf5b43f4d37b090cb2b
          • Instruction Fuzzy Hash: F121D471F106059AD718AB388D0777E3751AF86374F288359F4A59B2E2DB78C902F781
          APIs
          • @_EH4_CallFilterFunc@8.LIBCMT ref: 00F6D836
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: CallFilterFunc@8
          • String ID:
          • API String ID: 4062629308-0
          • Opcode ID: 5b49b79dd61ebd4c82c903d238b71c3526815858e468983ab3cac2e68a352d8f
          • Instruction ID: c218435d1a233b881bf393c89de1f59b9c395805abca4c7532a2bc5e396027eb
          • Opcode Fuzzy Hash: 5b49b79dd61ebd4c82c903d238b71c3526815858e468983ab3cac2e68a352d8f
          • Instruction Fuzzy Hash: 74212675F106155ACB18AB788D0777D3650AF86334F288359F8A19B2D2DB78CA02B792
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: char_traits
          • String ID:
          • API String ID: 1158913984-0
          • Opcode ID: 791e7840058cbb655d30c5a680b0f1b1641291c2911fee6aee051276001582e7
          • Instruction ID: 9e2e6be3dbfd1b1d110308dad2602342cae8431e666859e584280b1347f29b68
          • Opcode Fuzzy Hash: 791e7840058cbb655d30c5a680b0f1b1641291c2911fee6aee051276001582e7
          • Instruction Fuzzy Hash: 6921C474E0011DAFCF08EFA4D9958FEB7B5AF48300B1095AAE916B7351DB30AE01CB94
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: char_traits
          • String ID:
          • API String ID: 1158913984-0
          • Opcode ID: e8853f2f9be3cb7f789acd596697ab06f23a3572b91211c81f3cc70e2faad13f
          • Instruction ID: 8dd85b69785fff69dc7ad0895c4ddff2df9650f7fa6977a9e3d28d702b7d8831
          • Opcode Fuzzy Hash: e8853f2f9be3cb7f789acd596697ab06f23a3572b91211c81f3cc70e2faad13f
          • Instruction Fuzzy Hash: BF21DC78E0010DABCF08EFA4D5919FDB7B5EF58301B1091AAE91677351DB319E01CB95
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F13F77
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID:
          • API String ID: 2005118841-0
          • Opcode ID: 92e5f830bcf4c7756c48e0f767022c886ca6d80e1a096abf2727218b6f3527aa
          • Instruction ID: f65745c5a321f1cf2034aafb5b84f67c13ab5efc9b97f481b013c0b00cbc3e5f
          • Opcode Fuzzy Hash: 92e5f830bcf4c7756c48e0f767022c886ca6d80e1a096abf2727218b6f3527aa
          • Instruction Fuzzy Hash: F2117C75A00208AFCB14DF98C845E9EBBB8FB49710F10456AF906A7341DB34A904CBA0
          APIs
            • Part of subcall function 00F4901C: std::_Xfsopen.LIBCPMT ref: 00F48FC9
          • std::locale::~locale.LIBCPMTD ref: 00EFD8EB
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Xfsopenstd::_std::locale::~locale
          • String ID:
          • API String ID: 1657636250-0
          • Opcode ID: 2efcf3ed75753e3f42e36769a88f49cdeb16a4e80dcd51905bb9827184caf261
          • Instruction ID: beca762a37638f4abf92d46a12491d95fd72534bf5c05be5cd60d384b0b4e407
          • Opcode Fuzzy Hash: 2efcf3ed75753e3f42e36769a88f49cdeb16a4e80dcd51905bb9827184caf261
          • Instruction Fuzzy Hash: C02108B1D1420D9FCB04DF98D941BAFB7B5BB48714F104629E525B7280E735AA00CBA1
          APIs
            • Part of subcall function 00F4901C: std::_Xfsopen.LIBCPMT ref: 00F48FC9
          • std::locale::~locale.LIBCPMTD ref: 00EFD9AB
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Xfsopenstd::_std::locale::~locale
          • String ID:
          • API String ID: 1657636250-0
          • Opcode ID: e984de941d785fd0c86cf863ee2a5132cf71f0a07ff6fd6c42452b5d1b0f80f3
          • Instruction ID: e12a84b71764c0f5341658e56a2e469a4293416527613120439a2be3c0e1960c
          • Opcode Fuzzy Hash: e984de941d785fd0c86cf863ee2a5132cf71f0a07ff6fd6c42452b5d1b0f80f3
          • Instruction Fuzzy Hash: E72108B1E1420DDFCB04DF98DD41BAEB7B5AB48710F104629E525B7281D775AA00CB90
          APIs
          • std::locale::~locale.LIBCPMTD ref: 00F0F96B
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: std::locale::~locale
          • String ID:
          • API String ID: 1329985212-0
          • Opcode ID: c071af6d5c10f2538563bdd0ef2d12997f92b6f5ba8f27d72128bac7ae7e305d
          • Instruction ID: eac086eb2689beef1c2daa4b97e5e7748287d57f97f326a32329501d3764f344
          • Opcode Fuzzy Hash: c071af6d5c10f2538563bdd0ef2d12997f92b6f5ba8f27d72128bac7ae7e305d
          • Instruction Fuzzy Hash: 352108B1D14209AFCB14DFA8D941BAFB7B5BB48310F104629E525A72C0D7356A04DBA0
          APIs
          • std::locale::~locale.LIBCPMTD ref: 00F0FA2B
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: std::locale::~locale
          • String ID:
          • API String ID: 1329985212-0
          • Opcode ID: e3b59eee1b151ea4747ae2eaee18d1295e46528ac616c551d51bdf0bda4efc61
          • Instruction ID: 0d836caa4230b79e6266a421a18f979666914edb859578265121ca11edf498e5
          • Opcode Fuzzy Hash: e3b59eee1b151ea4747ae2eaee18d1295e46528ac616c551d51bdf0bda4efc61
          • Instruction Fuzzy Hash: A02108B1E1420DAFCB14DF98D942BAEB7B4AB48710F104629E525A72C1D735AA04DB90
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: allocator
          • String ID:
          • API String ID: 3447690668-0
          • Opcode ID: bdedc7a03f6aa9fd2ea7f277986d854aa55750aeaf7996623d4788d2c3880a23
          • Instruction ID: 3a5ac73c4ff339e925a324d97e9e22de997b9d5af21443d4a7a511893f8b078b
          • Opcode Fuzzy Hash: bdedc7a03f6aa9fd2ea7f277986d854aa55750aeaf7996623d4788d2c3880a23
          • Instruction Fuzzy Hash: 8621887190560CEFDB44EFE4C9926BEBBB1AF95301F5051A9E6066B3A1DB301F00EB91
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: __wsopen_s
          • String ID:
          • API String ID: 3347428461-0
          • Opcode ID: bfcf1beaa17ab89eadf90d9f98ad2bea5d4924be735fe77187ff1fe896bcc592
          • Instruction ID: f710c7825faa7cc8f28a0cc70eb97deb1b62acd75bc4b0d059c5f96f446f2df3
          • Opcode Fuzzy Hash: bfcf1beaa17ab89eadf90d9f98ad2bea5d4924be735fe77187ff1fe896bcc592
          • Instruction Fuzzy Hash: 9411187590420AAFCF15DF58E98199A7BF5EF48310F1044AAF809AB311DB31EA21DBA5
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: __wsopen_s
          • String ID:
          • API String ID: 3347428461-0
          • Opcode ID: 98a2cafe1d67aed3213309e77201c0f6fe9edc897f67dd2364a519c555c5e9f0
          • Instruction ID: c6fe6f2fe385e65b7ae408cf73c2e548bcef007ee62ebe8fd1e17cbfec560ee4
          • Opcode Fuzzy Hash: 98a2cafe1d67aed3213309e77201c0f6fe9edc897f67dd2364a519c555c5e9f0
          • Instruction Fuzzy Hash: 9D111C75904109AFCB09DF58E94199B7BF5EF48310F10806AF808AB311DB31D9119BA5
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: char_traits
          • String ID:
          • API String ID: 1158913984-0
          • Opcode ID: 89ae3686365d83640b3fc87629e3e6f98c3a2ebe1a696571d6a959fd5c1ad3da
          • Instruction ID: 0e9daae737f7011eec2913a3d8d4f27447ecf6a55df09f5e60e63abb116585d8
          • Opcode Fuzzy Hash: 89ae3686365d83640b3fc87629e3e6f98c3a2ebe1a696571d6a959fd5c1ad3da
          • Instruction Fuzzy Hash: 6911D674E0020DDBCB04DFA4D9459AEB7B5BF44304F5082A9EA15B7391EB359E01DF91
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: char_traits
          • String ID:
          • API String ID: 1158913984-0
          • Opcode ID: 4bf88aa826dd00032cfcdf182ddfb84d632b1ef8ad059fcd0dd39ec09bd42dea
          • Instruction ID: bf197dfb97c80591b1762669312b93f551cc50520f5e7b4f2b80ae8afb7a14de
          • Opcode Fuzzy Hash: 4bf88aa826dd00032cfcdf182ddfb84d632b1ef8ad059fcd0dd39ec09bd42dea
          • Instruction Fuzzy Hash: 4F015B69D0024CEACF04EFE0D8126EEB375AF54300F1091A9D51577252EF754F84EB95
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dd4fb9f68159f36943d4daaf80d09b15bef42becb401c056c05956bd2abed4ac
          • Instruction ID: 908c4c450a86a7175183f322e731c05c5b1ca30504b5cffa5e8c1ff458cfea6b
          • Opcode Fuzzy Hash: dd4fb9f68159f36943d4daaf80d09b15bef42becb401c056c05956bd2abed4ac
          • Instruction Fuzzy Hash: 3EF0F932E01A1457C6217A2ADC0576A36589F93334F248316F465931D1DF7CFD01B6A2
          APIs
            • Part of subcall function 00F4A986: std::_Lockit::_Lockit.LIBCPMT ref: 00F4A9AF
            • Part of subcall function 00F4A986: std::_Lockit::~_Lockit.LIBCPMT ref: 00F4A9D7
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F15434
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Lockitstd::_$Exception@8Lockit::_Lockit::~_Throw
          • String ID:
          • API String ID: 2653793986-0
          • Opcode ID: 72f68937252f40c7ebd1a453524ec6b979ced88eb409cdbec0a52b8c6736f43b
          • Instruction ID: 14b69989c2262bd6635ef2df737f9c62f4b65ff77e49a78fb7d25a74b1ccda8f
          • Opcode Fuzzy Hash: 72f68937252f40c7ebd1a453524ec6b979ced88eb409cdbec0a52b8c6736f43b
          • Instruction Fuzzy Hash: 36E06556D0052163C510B2A57C53BDF7A984ED1B61F498439FD0C96123FB29E689B1E3
          APIs
            • Part of subcall function 00F7B1AA: HeapAlloc.KERNEL32(00000008,?,00000000,?,00F7B10A,00000001,00000364,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7B1EB
          • _free.LIBCMT ref: 00F7877B
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          Similarity
          • API ID: Heap$AllocErrorFreeLast_free
          • String ID:
          • API String ID: 3091179305-0
          • Opcode ID: 86f03641f06ac30353d5a4458b9ad7f368cb759560191a10060ef70fb7166eb2
          • Instruction ID: 1fdc2141dec83aced0467d2a9bfb07c699f989bae8e5e5b324c2a5f14d8b1652
          • Opcode Fuzzy Hash: 86f03641f06ac30353d5a4458b9ad7f368cb759560191a10060ef70fb7166eb2
          • Instruction Fuzzy Hash: 96F03CB5A41205AFD310EF68D842B5ABBF4EB48710F208167ED18D7341EB71AA118BD2
          APIs
          Similarity
          • API ID: _free
          • String ID:
          • API String ID: 269201875-0
          • Opcode ID: 329ce3df4eef0b7397df4490b4f7364728a949e4a35911c298a13bba901cbc2b
          • Instruction ID: e6f3e24ba57bf5525fe9a3ec271a26af992bf92286979a7aee0dafdededf8697
          • Opcode Fuzzy Hash: 329ce3df4eef0b7397df4490b4f7364728a949e4a35911c298a13bba901cbc2b
          • Instruction Fuzzy Hash: 4DF03A33514109BBDF116E95DC02EDE3B6AEF89330F240156F92892060EB36CA21B7E1
          APIs
          • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F8172E,?,00000000,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7F1AE
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: 657f7081dc8dccbf7173a3e83ed247978d2d1ae45cdb6d6702557270e0495559
          • Instruction ID: 0b89305f377d5741fa37f97d2139a77f4fadcfebc01cba7c5f2151a4633a41a8
          • Opcode Fuzzy Hash: 657f7081dc8dccbf7173a3e83ed247978d2d1ae45cdb6d6702557270e0495559
          • Instruction Fuzzy Hash: 43E0E532605611DAF7222761DC04B5B3649AB017B1FD58137EC8D960C0CBE8CC04B2E3
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4C9DA
          Similarity
          • API ID: Exception@8Throw
          • String ID:
          • API String ID: 2005118841-0
          • Opcode ID: 421d11b6fe5e127ff4f078b065c8b3d3bff1f6e79ac00e43c8cb3501e8cb17a4
          • Instruction ID: f029903800137a0ea7546ccb1eb200b59255ed0bc34afcc0f83b63382270b4a9
          • Opcode Fuzzy Hash: 421d11b6fe5e127ff4f078b065c8b3d3bff1f6e79ac00e43c8cb3501e8cb17a4
          • Instruction Fuzzy Hash: 64E0D83580070EBA8B40BA65EC45DAC3F6C5F00770B204231FD18950E2EF74D655B5C1
          APIs
          • CreateFileW.KERNELBASE(00000000,00000000,?,00F879E7,?,?,00000000,?,00F879E7,00000000,0000000C), ref: 00F87629
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 6c6741ba590a78029bfbcbfcd1101a43e8ea764bb8ae1712dfc1bc6fbb7754c3
          • Instruction ID: 5516451f0329301657c3328f0c5bf98cc8840078582244f37eaebfa7cbc7e54f
          • Opcode Fuzzy Hash: 6c6741ba590a78029bfbcbfcd1101a43e8ea764bb8ae1712dfc1bc6fbb7754c3
          • Instruction Fuzzy Hash: 44D06C3200010DBBDF028F84EC06EDA3BAAFB48714F014000BA1856020C732E861AB90
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F37A82
          Strings
          Similarity
          • API ID: Exception@8Throw
          • String ID: : missing required parameter '$BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive$BaseN_Encoder$BaseN_Encoder: Log2Base must be between 1 and 7 inclusive$DecodingLookupArray$EncodingLookupArray$GroupSize$Log2Base$Pad$PaddingByte$Separator$Terminator
          • API String ID: 2005118841-807858313
          • Opcode ID: c18279175b8f3cb82dc9146f8c6e4c8bee0225d7ca896aef5de9516ab17811ae
          • Instruction ID: c52c5dd84241baef999ece06697b240b41c05b4800d726d9eafd5f95d8e66d91
          • Opcode Fuzzy Hash: c18279175b8f3cb82dc9146f8c6e4c8bee0225d7ca896aef5de9516ab17811ae
          • Instruction Fuzzy Hash: CEE1D5B1A04209ABDF24EFA4CC45FDEBBF8FF44720F144159E415A7281DB74AA08DB91
          APIs
            • Part of subcall function 00EE2400: _WChar_traits.LIBCPMTD ref: 00EE244D
          • FindFirstFileW.KERNEL32(00000000,?), ref: 00EF9CD2
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00EF9E02
          • FindNextFileW.KERNEL32(000000FF,?), ref: 00EFA3C3
          • FindClose.KERNEL32(000000FF), ref: 00EFA3D8
            • Part of subcall function 00EE1D10: char_traits.LIBCPMTD ref: 00EE1D4D
          Strings
          Similarity
          • API ID: Find$File$Char_traitsCloseContainer_base12Container_base12::~_FirstNextchar_traitsstd::_
          • String ID: .mammn$C:\Documents and Settings$C:\System Volume Information$C:\Windows$Failed to find first file in directory: $READ.txt$RSADecryptKey$r+b
          • API String ID: 3440245238-3649217578
          • Opcode ID: b05f73e464d1b31203c54656ba68a1949808c1804ce55e029f19cc3745d61563
          • Instruction ID: 21b65dc85a40bc4424486495ad74faf5ad06dd0563e9819acf97e84b4fd01b7c
          • Opcode Fuzzy Hash: b05f73e464d1b31203c54656ba68a1949808c1804ce55e029f19cc3745d61563
          • Instruction Fuzzy Hash: DE1257B1D0525C9BCB25EB64CC45BEDBBB8AB04300F5091E9E109B7292EB705F84DF52
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F3A316
          Strings
          • doesn't match the required length of , xrefs: 00F3A2C2
          • TF_SignerBase: this algorithm does not support message recovery or the key is too short, xrefs: 00F3A739
          • : this key is too short to encrypt any messages, xrefs: 00F3A50D
          • : ciphertext length of , xrefs: 00F3A2A0
          • exceeds the maximum of , xrefs: 00F3A5B2
          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 00F3A767
          • for this public key, xrefs: 00F3A5D4
          • : message length of , xrefs: 00F3A590
          • for this key, xrefs: 00F3A2E4
          Similarity
          • API ID: Exception@8Throw
          • String ID: doesn't match the required length of $ exceeds the maximum of $ for this key$ for this public key$: ciphertext length of $: message length of $: this key is too short to encrypt any messages$TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support message recovery or the key is too short
          • API String ID: 2005118841-3686900216
          • Opcode ID: 71a054193343a098ec2b8e65b2b673034c6056787304345bc4418d099d3d36bc
          • Instruction ID: c45a44d41f5b44937396f4924bd5a0c38d401d6269cd06969909a02c60978ec2
          • Opcode Fuzzy Hash: 71a054193343a098ec2b8e65b2b673034c6056787304345bc4418d099d3d36bc
          • Instruction Fuzzy Hash: 8B529E75A00249EFDF14DFA4C885BEEBBB9FF48310F148169F905A7251DB34AA04DBA1
          APIs
            • Part of subcall function 00EE2400: _WChar_traits.LIBCPMTD ref: 00EE244D
          • FindFirstFileW.KERNEL32(00000000,?), ref: 00EFC63C
          • lstrcmpW.KERNEL32(?,00F97CB8), ref: 00EFCC3D
          • lstrcmpW.KERNEL32(?,00F97CBC), ref: 00EFCC53
          • FindNextFileW.KERNEL32(000000FF,?), ref: 00EFCC77
          • FindClose.KERNEL32(000000FF), ref: 00EFCC8C
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00EFCD63
          Strings
          Similarity
          • API ID: Find$Filelstrcmp$Char_traitsCloseContainer_base12Container_base12::~_FirstNextstd::_
          • String ID: .mammn$.v2$C:\Documents and Settings$C:\System Volume Information$C:\Windows$C:\Windows$r+b
          • API String ID: 1709313857-3543874439
          • Opcode ID: ca046b36ff62ef8c442c08a3adb9220e0590e269105e8b6ae87295526d746a91
          • Instruction ID: 9ad8d5687c00b5ad073873d2f7264e32509a1a4e0dface395192b84a883d4b89
          • Opcode Fuzzy Hash: ca046b36ff62ef8c442c08a3adb9220e0590e269105e8b6ae87295526d746a91
          • Instruction Fuzzy Hash: EB125871D0429C9BCB25EB64CD95BEDBBB8AB45300F2091D9E109B7282DB705F84DF52
          APIs
            • Part of subcall function 00EE2400: _WChar_traits.LIBCPMTD ref: 00EE244D
          • FindFirstFileW.KERNEL32(00000000,?), ref: 00EFCEEC
          • operator!=.LIBCPMTD ref: 00EFD245
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00EFD451
          • FindNextFileW.KERNEL32(000000FF,?), ref: 00EFD511
          • FindClose.KERNEL32(000000FF), ref: 00EFD526
          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00EFD569
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00EFD618
          Strings
          Similarity
          • API ID: Find$Container_base12Container_base12::~_Filestd::_$Affinity::operator!=Char_traitsCloseConcurrency::details::FirstHardwareNextoperator!=
          • String ID: .mammn$.v2$C:\Windows$C:\Windows$r+b
          • API String ID: 3122537284-2568219276
          • Opcode ID: ff17a5436ca172e9afcfe8dfb0b39e4b308630e3f74c4c1560fe453bf51677c5
          • Instruction ID: 0cec2002deed4b2e5c4461e8459e7fab7b624859f2fda299a9b7ce07bcd4f77b
          • Opcode Fuzzy Hash: ff17a5436ca172e9afcfe8dfb0b39e4b308630e3f74c4c1560fe453bf51677c5
          • Instruction Fuzzy Hash: 93126670C0525C9BDB25EBA4CD55BEEBBB9AB44304F1081E9E109B7282DB705F88DF91
          APIs
            • Part of subcall function 00F01EE0: _WChar_traits.LIBCPMTD ref: 00F01F23
            • Part of subcall function 00EE2400: _WChar_traits.LIBCPMTD ref: 00EE244D
          • FindFirstFileW.KERNEL32(00000000,?,?,?,0000000C), ref: 00F083D5
          • FindNextFileW.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,0000000C), ref: 00F08637
          • FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?,?,0000000C), ref: 00F0864C
          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00F0868F
          Strings
          • \READ.txt, xrefs: 00F0854D
          • your Case id:, xrefs: 00F08308
          • Greetings,Your files have been encrypted, and your sensitive data has been exfiltrated. To unlock your files and prevent the rel, xrefs: 00F0827D
          • our Telegram. try to contact telegram for faster response:, xrefs: 00F082A7
          Similarity
          • API ID: Find$Char_traitsFile$Affinity::operator!=CloseConcurrency::details::FirstHardwareNext
          • String ID: our Telegram. try to contact telegram for faster response:$your Case id:$Greetings,Your files have been encrypted, and your sensitive data has been exfiltrated. To unlock your files and prevent the rel$\READ.txt
          • API String ID: 2876803620-2489481340
          • Opcode ID: 0078befce5125850950598566ac18290c887d1e26307130d29aaa4dd0eab99a4
          • Instruction ID: 7aa8a8f39c4faa4f1a64a30dafa8d87f80c76ef36b83e78f404c1c8aa663df60
          • Opcode Fuzzy Hash: 0078befce5125850950598566ac18290c887d1e26307130d29aaa4dd0eab99a4
          • Instruction Fuzzy Hash: 47E14A71C0425CDBDB25DBA4CD41BEEBBB8AB54304F1081E9E149B7282EB745B48EF91
          Strings
          Similarity
          • API ID:
          • String ID: Auth$Cent$Genu$Hygo$auls$aurH$cAMD$enti$ineI$nGen$ntel$uine
          • API String ID: 0-2607262942
          • Opcode ID: 8b5adfa9de69f1c4df547c032743b1a73503e2c50c8c5c747556120f27effa0f
          • Instruction ID: 2439f1ef6d17c9a594ac4a0082730f45ba443e191e2f79cda57cdde915ba1279
          • Opcode Fuzzy Hash: 8b5adfa9de69f1c4df547c032743b1a73503e2c50c8c5c747556120f27effa0f
          • Instruction Fuzzy Hash: 5491F676A087858BDB29CF1885827A6BFE0EB66314F04C91EDCD6D3351C329D944EB43
          APIs
          Strings
          Similarity
          • API ID: __floor_pentium4
          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
          • API String ID: 4168288129-2761157908
          • Opcode ID: 8fdd2d2399ab21083bb4b991eb4444a4f7327e11924d44347b95104bc55641f3
          • Instruction ID: da3c4c4c164926c76c69886d5e8f022ba066b931035b157e3740a2edb27e3ed2
          • Opcode Fuzzy Hash: 8fdd2d2399ab21083bb4b991eb4444a4f7327e11924d44347b95104bc55641f3
          • Instruction Fuzzy Hash: 44C27F72E086298FDF25DE28DD447EAB3B5EB44354F5441EAD40DE7240EB78AE829F40
          APIs
          • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,00F863C8,?,00000000), ref: 00F86142
          • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,00F863C8,?,00000000), ref: 00F8616B
          • GetACP.KERNEL32(?,?,00F863C8,?,00000000), ref: 00F86180
          Strings
          Similarity
          • API ID: InfoLocale
          • String ID: ACP$OCP
          • API String ID: 2299586839-711371036
          • Opcode ID: 8691fd70eaac40e07c525def6cf4afa8a99d444311ed3826be420e909e8321af
          • Instruction ID: a191b1393bc878f024f777e7d4da30e3d4f8807fd22fde359cee949d93e29b1f
          • Opcode Fuzzy Hash: 8691fd70eaac40e07c525def6cf4afa8a99d444311ed3826be420e909e8321af
          • Instruction Fuzzy Hash: 2F21CF62F04505A6DB35AF54CD08BD7B3A6EB40F74B568424E90ADB223EB32DD41E390
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B0B4
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0C1
          • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 00F86389
          • IsValidCodePage.KERNEL32(00000000), ref: 00F863E4
          • IsValidLocale.KERNEL32(?,00000001), ref: 00F863F3
          • GetLocaleInfoW.KERNEL32(?,00001001,00F78D5B,00000040,?,00F78E7B,00000055,00000000,?,?,00000055,00000000), ref: 00F8643B
          • GetLocaleInfoW.KERNEL32(?,00001002,00F78DDB,00000040), ref: 00F8645A
          Similarity
          • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
          • String ID:
          • API String ID: 745075371-0
          • Opcode ID: 8bdd80adb4513dc22738cd3a7837271b8b04771ba2985a15b8208a4e8e6c1f75
          • Instruction ID: 723c09e01ca1c33640d41b67a521ae5eb8bebdeed9aaf6e9717c3242b546fa10
          • Opcode Fuzzy Hash: 8bdd80adb4513dc22738cd3a7837271b8b04771ba2985a15b8208a4e8e6c1f75
          • Instruction Fuzzy Hash: 72517072E00609ABEF10FFA5CC45BFE77B8AF05710F044469E915EB291EB749940AB61
          APIs
          • GetLastError.KERNEL32(00000010,F58088C3,7508FC30,?), ref: 00F33090
          • CryptReleaseContext.ADVAPI32(00000001,00000000,?,00000000,?,00F9DB08,00000002, operation failed with error ,0000001D,?,?,OS_Rng: ,00000008,?), ref: 00F333C0
          Similarity
          • API ID: ContextCryptErrorLastRelease
          • String ID: operation failed with error $OS_Rng:
          • API String ID: 3299239745-700108173
          • Opcode ID: 8e8ca72311eb558d9c8d9669a5ee85b082f4bfdffc354229c52f078bb9a2e6c2
          • Instruction ID: 66c6abdc0517eff73c41955c37172d6fc530ff219fda69a74f43c99d0638fe00
          • Opcode Fuzzy Hash: 8e8ca72311eb558d9c8d9669a5ee85b082f4bfdffc354229c52f078bb9a2e6c2
          • Instruction Fuzzy Hash: 4CA1B471D00248CFEB14DF68CC89BADBBB1FF45314F148299E408AB292DB75AA84DB51
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F78D62,?,?,?,?,00F787AF,?,00000000), ref: 00F85A14
          • _wcschr.LIBVCRUNTIME ref: 00F85AA4
          • _wcschr.LIBVCRUNTIME ref: 00F85AB2
          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00F78D62,00000000,00F78E82), ref: 00F85B64
          Similarity
          • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
          • String ID:
          • API String ID: 4212172061-0
          • Opcode ID: f8752e4a1fe18d9da9327b35c4e8a2754fd2eda3918bf30ec01bbf918563e2c7
          • Instruction ID: 5786d1e7d1304b0b38666d89ce28b0c6644a15ba336f462ae57427b0a9be0515
          • Opcode Fuzzy Hash: f8752e4a1fe18d9da9327b35c4e8a2754fd2eda3918bf30ec01bbf918563e2c7
          • Instruction Fuzzy Hash: 1A61DC71A00B06ABD724BB74CC86FE773A8EF04B20F14456AF909D7181EB78D941A761
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F39E2D
          Strings
          • : block size of underlying block cipher is not 16, xrefs: 00F39DFE
          • TableSize, xrefs: 00F39788
          Similarity
          • API ID: Exception@8Throw
          • String ID: : block size of underlying block cipher is not 16$TableSize
          • API String ID: 2005118841-2295039505
          • Opcode ID: 647b9418ea18c7b2cc57989be6bd4310baf1ea6292f1aaaea5ac2f1c21146270
          • Instruction ID: be21457857db294bec1e37a75b1a424aeb38caad89a2661cd15459fa1e06ebfe
          • Opcode Fuzzy Hash: 647b9418ea18c7b2cc57989be6bd4310baf1ea6292f1aaaea5ac2f1c21146270
          • Instruction Fuzzy Hash: 504234B1D042198FDB24CF69C845B9DFBB5BF88314F25826ED419A7352DBB0A981DF80
          APIs
            • Part of subcall function 00F334A0: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00F3352A
          • CryptGenRandom.ADVAPI32(00000000,?,?,F58088C3), ref: 00F3344A
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F33499
          Similarity
          • API ID: Crypt$ContextException@8RandomReleaseThrow
          • String ID: CryptGenRandom
          • API String ID: 1047471967-3616286655
          • Opcode ID: 8054fba83e896d1ad70dd60e8f087df1f7dd1c688c156e0329baa988e6861542
          • Instruction ID: 18ff83564ca869cc13272fa6171c7fff60e476bd2bdb87f5a717ce33bfbd9ad8
          • Opcode Fuzzy Hash: 8054fba83e896d1ad70dd60e8f087df1f7dd1c688c156e0329baa988e6861542
          • Instruction Fuzzy Hash: A101407190424CEFCB15EF95CC42FDEBBB8FB04720F40456AA811B7691DB78AA08DB91
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F3ACCD
          Similarity
          • API ID: Exception@8Throw
          • String ID:
          • API String ID: 2005118841-0
          • Opcode ID: cfe6f8930eafb3074f738d5156c2b7f5242ca599021f0430d215063adc571712
          • Instruction ID: a14d7bccd3e0edf447fe016a89051c6df85c014544eb5b3fa070e790c020be79
          • Opcode Fuzzy Hash: cfe6f8930eafb3074f738d5156c2b7f5242ca599021f0430d215063adc571712
          • Instruction Fuzzy Hash: 38F16675A00209AFCB04DF69C885AAEBBF5FF88310F044569F919A7351DB35ED04DBA2
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B0B4
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0C1
          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F85D84
          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F85DD5
          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F85E95
          Similarity
          • API ID: ErrorInfoLastLocale$_free$_abort
          • String ID:
          • API String ID: 2829624132-0
          • Opcode ID: ac65748a48e215f1dee1b48bccdac6c821f0201ca7ed36e9fd28ddbb063dade9
          • Instruction ID: 9ecfc4aea93a22b9a2de3407ef1c3b36cc801edbfd9d2b7d380e98ccd411077f
          • Opcode Fuzzy Hash: ac65748a48e215f1dee1b48bccdac6c821f0201ca7ed36e9fd28ddbb063dade9
          • Instruction Fuzzy Hash: 6761A171914A079BDB28AF24CC86BFA77E8FF04B10F1440A9ED06C6585F778EA51EB50
          APIs
          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F6C7A7
          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F6C7B1
          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00F6C7BE
          Similarity
          • API ID: ExceptionFilterUnhandled$DebuggerPresent
          • String ID:
          • API String ID: 3906539128-0
          • Opcode ID: a0032180fe6b305f8acf3531a129a81a872a9abcac67def340b94ad5778fed5e
          • Instruction ID: b70b60a5d04ffaaa0bf2d6646ec1f7878e33fea9775a12083f03d2f0bd825501
          • Opcode Fuzzy Hash: a0032180fe6b305f8acf3531a129a81a872a9abcac67def340b94ad5778fed5e
          • Instruction Fuzzy Hash: 4231C47490121CABCB21DF64DC89B9CBBB4AF18710F5042DAE84CA7250E7349B859F85
          APIs
          • GetCurrentProcess.KERNEL32(00000000,?,00F77757,00000000,00FC15D0,0000000C,00F778AE,00000000,00000002,00000000), ref: 00F777A2
          • TerminateProcess.KERNEL32(00000000,?,00F77757,00000000,00FC15D0,0000000C,00F778AE,00000000,00000002,00000000), ref: 00F777A9
          • ExitProcess.KERNEL32 ref: 00F777BB
          Similarity
          • API ID: Process$CurrentExitTerminate
          • String ID:
          • API String ID: 1703294689-0
          • Opcode ID: d1ecd2197be65e62bf62ae69212694003aad530267a889b8733c95f12c7b2889
          • Instruction ID: ce45e4a7b10220145666fa8fa9b24bf191ead0f7f0bb3f1fc08bbf17f7503969
          • Opcode Fuzzy Hash: d1ecd2197be65e62bf62ae69212694003aad530267a889b8733c95f12c7b2889
          • Instruction Fuzzy Hash: B4E0B631524608AFDF127F64DD49E483B6AEF40791F518027F9098A132CB39ED82EB82
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F372B1
          Strings
          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 00F37288
          Similarity
          • API ID: Exception@8Throw
          • String ID: PK_MessageAccumulator: TruncatedFinal() should not be called
          • API String ID: 2005118841-4199916868
          • Opcode ID: 6384b068f37f06eef49df42916394cd2df7b7202a1bff20c2cee9134a8ae9a53
          • Instruction ID: d7cd5aef82d8b35bfa7afe593664a6ffafdaa655e500cb35abc22a4bacd8299b
          • Opcode Fuzzy Hash: 6384b068f37f06eef49df42916394cd2df7b7202a1bff20c2cee9134a8ae9a53
          • Instruction Fuzzy Hash: 2042BD71A002489FCB14DF68C984BAEBBF5BF98320F154159F846AB352DB34ED44DB91
          Strings
          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 00F36418
          Similarity
          • API ID:
          • String ID: PK_MessageAccumulator: DigestSize() should not be called
          • API String ID: 0-977735494
          • Opcode ID: 08c94ae76799c4865a620fbd180d8f4d9289b913d75968f585464a4e7d7c521e
          • Instruction ID: ce1492cdd41b8d11779fa9c03dc5c65db5196f63614ba1cdc6aec1a719753bd4
          • Opcode Fuzzy Hash: 08c94ae76799c4865a620fbd180d8f4d9289b913d75968f585464a4e7d7c521e
          • Instruction Fuzzy Hash: 91123871E00219DFCF14DF98C990AEEBBB5FF98320F158129E806AB355DB34A945DB90
          Similarity
          • API ID:
          • String ID: .
          • API String ID: 0-248832578
          • Opcode ID: 3c07cabdf53b9a53cedcf33111756d910bafef0ca6ef1670b9780434c2b3ffdc
          • Instruction ID: cf0fba64fc547d22ebbbf64ff143e3ca190bba0cb1139bf4a36070215a9b64a7
          • Opcode Fuzzy Hash: 3c07cabdf53b9a53cedcf33111756d910bafef0ca6ef1670b9780434c2b3ffdc
          • Instruction Fuzzy Hash: FF310572D002096FCB64AE78CC84EFB7BBDEB85314F0401A8F859D7251E630AE45EB50
          APIs
          • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00F787AF,?,00000000), ref: 00F7CE42
          Similarity
          • API ID: InfoLocale
          • String ID: GetLocaleInfoEx
          • API String ID: 2299586839-2904428671
          • Opcode ID: e065740ba3336c622deca3732929b95e57bc45e9c3e4951b7f4c25e2dd8b0df6
          • Instruction ID: 98f94d6bd8e82e2814ae1c57e2b0a8d5de01a96fae35eeaeb11aab831be4c122
          • Opcode Fuzzy Hash: e065740ba3336c622deca3732929b95e57bc45e9c3e4951b7f4c25e2dd8b0df6
          • Instruction Fuzzy Hash: BFF0F631A4021CBBCB115F61DC02F6E7F21EF44B50F04405AFC099A190CB71DA10B7D2
          APIs
          • GetSystemTimeAsFileTime.KERNEL32(00000000,00F73786), ref: 00F7CE98
          Similarity
          • API ID: Time$FileSystem
          • String ID: GetSystemTimePreciseAsFileTime
          • API String ID: 2086374402-595813830
          APIs
          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F79C5E,?,?,00000008,?,?,00F89CE1,00000000), ref: 00F79E90
          Similarity
          • API ID: ExceptionRaise
          • String ID:
          • API String ID: 3997070919-0
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B0B4
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0C1
          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F85FD4
          Similarity
          • API ID: ErrorLast$_free$InfoLocale_abort
          • String ID:
          • API String ID: 1663032902-0
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
          • EnumSystemLocalesW.KERNEL32(00F85D30,00000001,00000000,?,00F78D5B,?,00F8635D,00000000,?,?,?), ref: 00F85C76
          Similarity
          • API ID: ErrorLast$EnumLocalesSystem_abort_free
          • String ID:
          • API String ID: 1084509184-0
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F85F4E,00000000,00000000,?), ref: 00F861DC
          Similarity
          • API ID: ErrorLast$InfoLocale_abort_free
          • String ID:
          • API String ID: 2692324296-0
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
          • EnumSystemLocalesW.KERNEL32(00F85F80,00000001,00000000,?,00F78D5B,?,00F86321,00F78D5B,?,?,?,?,?,00F78D5B,?,?), ref: 00F85CEB
          Similarity
          • API ID: ErrorLast$EnumLocalesSystem_abort_free
          • String ID:
          • API String ID: 1084509184-0
          APIs
            • Part of subcall function 00F750C1: EnterCriticalSection.KERNEL32(?,?,00F77EFA,?,00FC15F8,0000000C), ref: 00F750D0
          • EnumSystemLocalesW.KERNEL32(00F7C8C0,00000001,00FC1778,0000000C), ref: 00F7C93E
          Similarity
          • API ID: CriticalEnterEnumLocalesSectionSystem
          • String ID:
          • API String ID: 1272433827-0
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
          • EnumSystemLocalesW.KERNEL32(00F85B10,00000001,00000000,?,?,00F8637F,00F78D5B,?,?,?,?,?,00F78D5B,?,?,?), ref: 00F85BF0
          Similarity
          • API ID: ErrorLast$EnumLocalesSystem_abort_free
          • String ID:
          • API String ID: 1084509184-0
          APIs
          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00F333E3
          Similarity
          • API ID: ContextCryptRelease
          • String ID:
          • API String ID: 829835001-0
          APIs
          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00F948B4
          Similarity
          • API ID: ContextCryptRelease
          • String ID:
          • API String ID: 829835001-0
          APIs
          • SetUnhandledExceptionFilter.KERNEL32(Function_0006CB60,00F4C075), ref: 00F4CB57
          Similarity
          • API ID: ExceptionFilterUnhandled
          • String ID:
          • API String ID: 3192549508-0
          Strings
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          Strings
          Similarity
          • API ID:
          • String ID: @
          • API String ID: 0-2766056989
          APIs
          Similarity
          • API ID: HeapProcess
          • String ID:
          • API String ID: 54951025-0
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 89f48a2ecc37a1a55422dd6b2cf74bfa73202a51e44869468a06e3d6de9433ff
          • Instruction ID: 8553ca3dbad714c2ff93c59f6c4a9854798c99d21d22bfc26c4c0d13fde2b6a6
          • Opcode Fuzzy Hash: 89f48a2ecc37a1a55422dd6b2cf74bfa73202a51e44869468a06e3d6de9433ff
          • Instruction Fuzzy Hash: 72323762D68F054DD7239638CC22335A299AFB33D4F54D737F81AB4AA6EB29C5C36101
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6435e2ef1567dce011b3346103f189082fb5e07727ee6ac46861fffda721387e
          • Instruction ID: ab69a87b2e2412298f1b7250941497d550c5f391c881c998d062ebba9937da52
          • Opcode Fuzzy Hash: 6435e2ef1567dce011b3346103f189082fb5e07727ee6ac46861fffda721387e
          • Instruction Fuzzy Hash: 9C323762E29F054DD723A634CC22376A68CBFB73D4F15C727F815B59A6EB28C4836200
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 54d582474d3703aa2b9cb095a5ffb3f188a50b9b9ae1b9387da8497778bac5be
          • Instruction ID: 88fb55ea986fc835fcd9723d9f618bf0c8d444ed2d064697bbd09a8f916d39c2
          • Opcode Fuzzy Hash: 54d582474d3703aa2b9cb095a5ffb3f188a50b9b9ae1b9387da8497778bac5be
          • Instruction Fuzzy Hash: 8252BF76D106199FDB14CFA8C981AAEB7F1FF4C314F5681A9D919AB302C634BA41CF90
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 600ffe6a644816df3f5b02fd1a0af55f0563e47301b2f226d4218cd1730eeb6c
          • Instruction ID: 6bf68527db4d92c953d1dbb3a6e8a6d636313c7f27d7ad77dc6105d470db131a
          • Opcode Fuzzy Hash: 600ffe6a644816df3f5b02fd1a0af55f0563e47301b2f226d4218cd1730eeb6c
          • Instruction Fuzzy Hash: 6E12FA717042118FDB48CF1DDCA574AB7E2EFC4318F0E8178A8498BB62D639DC958B86
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 08110c0e09ea0961ead174aee1735f221b7c8e19c526074062730efb4543f886
          • Instruction ID: d417ab0b73d6ef2c1b0c551f4cbd6317121ea9b5ab46a7bcefbc90127a067a95
          • Opcode Fuzzy Hash: 08110c0e09ea0961ead174aee1735f221b7c8e19c526074062730efb4543f886
          • Instruction Fuzzy Hash: 7F1249727083158BC708CE5DDC91759B7E2BBC8314F09453DA84ADB791EBB8ED498B82
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fd5f119977bc71ebcdbc08e75bbf4eb60e19b83601550ccc189e511a475c391f
          • Instruction ID: 15d7da2b6b9ec63f29151b96fb9ed27d02ea80b57cbdc093ee319b527e9e705c
          • Opcode Fuzzy Hash: fd5f119977bc71ebcdbc08e75bbf4eb60e19b83601550ccc189e511a475c391f
          • Instruction Fuzzy Hash: C202A03280A2B49FDB92EF5EE8405AB73F4FF90355F43892ADD8163241D335EA099794
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be9403ea74edeab3d3633ed4694c560389695e4a38bf7a31a15e2d782f7856f0
          • Instruction ID: 4f2c54557ebe139612735deb9588496453a958627bc88da7294efa82c395de22
          • Opcode Fuzzy Hash: be9403ea74edeab3d3633ed4694c560389695e4a38bf7a31a15e2d782f7856f0
          • Instruction Fuzzy Hash: 95E11378A100588BC708CF58E5F49BDB7F1FB48315B25418DD486AB392C239AEA5FF60
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e7aac278608e2e620d68b5247990a14ae7ca2f535a2a58af7a3a15ef63a66d3e
          • Instruction ID: f1dabbd71dc0d0ae5d86071c02076db3316227c9ec95f8c863aaf5a8a935be4f
          • Opcode Fuzzy Hash: e7aac278608e2e620d68b5247990a14ae7ca2f535a2a58af7a3a15ef63a66d3e
          • Instruction Fuzzy Hash: 2581E476B0421A8BD714CF1CC88066A7BA1EFC6354F59863DED46CB345EA30ED09E792
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
          • Instruction ID: aad3b8e0a7d56c0c60adde2f33ccae75f2b8f55ecb01bc18cc40f642e230f4e3
          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
          • Instruction Fuzzy Hash: F7918473A090A349DB2D423A853413EFFF15A523B171A079EE4F2CB1D5EE25D668F620
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
          • Instruction ID: e4421f11b6e74527a3b94ba061655ee112911b427ec61b0747a9d849ab67cc1b
          • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
          • Instruction Fuzzy Hash: 449184735080E34ADB2A567A847403EFFE15A533B131A079DE4F2CB1D1EE14AA64F620
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
          • Instruction ID: 08aec583f301ce9b92f9e45177d4c84cc50a0c4941153065c85b8ab4acff6605
          • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
          • Instruction Fuzzy Hash: F09152736080E34ADB2D4639857443EFFE19A923B131A079EE4F2CA1D5EE249764F620
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
          • Instruction ID: 3ce7f0ff0dd60df282e6833a995e5e6c73ff8ed720eaa21a529de9874b98e5ae
          • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
          • Instruction Fuzzy Hash: A58163736090A309DB29867A857503EFFE25A923B131A079DD4F3CB1D5EE24D754FA20
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
          • Instruction ID: 65e0106c358f0fe72088e6905481dff473ae2c7cac02e9d042c383b0edcc75d8
          • Opcode Fuzzy Hash: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
          • Instruction Fuzzy Hash: 38A153324192B49FDB52EF6ED8400AB73A5EF94355F43892FDCC167281C235EA08A795
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b712166386aa8c67017c73479d5a6b6bd2e7c504b4333dc3fcd8a0828dd31965
          • Instruction ID: f963d90c2d01f3837f7b9967cfc3b0f82d8591d085be97a5fcf86d3093c39faa
          • Opcode Fuzzy Hash: b712166386aa8c67017c73479d5a6b6bd2e7c504b4333dc3fcd8a0828dd31965
          • Instruction Fuzzy Hash: 1CC17375900215DFDB28CF98C494ABAB7B1FF4C318F5A81BED90A6F746CA306941CB90
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9334b3e7bc1a736629855850d90b8811e2b7170aef3660bb0d10393c6ae5cfae
          • Instruction ID: efaae857548368c49e952a58454d4f58fbbca2cece5ee0ff0290b14e4daeba63
          • Opcode Fuzzy Hash: 9334b3e7bc1a736629855850d90b8811e2b7170aef3660bb0d10393c6ae5cfae
          • Instruction Fuzzy Hash: 28918B31908789CBD710CF3CC5815AAF7E1BFD8358F549B1DE884A7252EB30AA899B41
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 38f41b8eaa5fc1b97b17ffe434c3eafa812a18ee46505a336580da0a0c627981
          • Instruction ID: 2a4ff29d6bc1d242c62d98faea9f36e8494305f35a600e59f68ddca902463725
          • Opcode Fuzzy Hash: 38f41b8eaa5fc1b97b17ffe434c3eafa812a18ee46505a336580da0a0c627981
          • Instruction Fuzzy Hash: 63511932C197598BCB01DF3D9541189F7D2BFE5618F498B1AEC9437212E730B9C89791
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          • Associated: 00000000.00000002.3267158518.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267259670.0000000000F95000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267295342.0000000000FC3000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267311658.0000000000FC4000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267323838.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267342497.0000000000FC6000.00000008.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267357785.0000000000FCB000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.3267383584.0000000000FCD000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: __onexit
          • String ID:
          • API String ID: 1448380652-0
          APIs
          • UnDecorator::getBasicDataType.LIBVCRUNTIME ref: 00F6931F
          • DName::operator=.LIBVCRUNTIME ref: 00F69330
          • DName::operator+=.LIBCMT ref: 00F6933E
          • UnDecorator::getPtrRefType.LIBCMT ref: 00F69370
          • operator+.LIBVCRUNTIME ref: 00F69391
          • UnDecorator::getDataIndirectType.LIBVCRUNTIME ref: 00F693EE
          • UnDecorator::getBasicDataType.LIBVCRUNTIME ref: 00F693F7
          • UnDecorator::getPtrRefDataType.LIBVCRUNTIME ref: 00F6940F
          • UnDecorator::getFunctionIndirectType.LIBVCRUNTIME ref: 00F69422
          • UnDecorator::getScopedName.LIBVCRUNTIME ref: 00F6944B
          • operator+.LIBVCRUNTIME ref: 00F6946C
          • DName::DName.LIBVCRUNTIME ref: 00F6947E
          • DName::operator=.LIBVCRUNTIME ref: 00F694A9
          • DName::operator+=.LIBCMT ref: 00F694B7
          Strings
          Similarity
          • API ID: Decorator::get$Type$Data$BasicIndirectNameName::operator+=Name::operator=operator+$FunctionName::Scoped
          • String ID: std::nullptr_t$std::nullptr_t $volatile
          • API String ID: 2882286118-294867888
          APIs
          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00F4BA60
            • Part of subcall function 00F4BA87: InitializeCriticalSectionAndSpinCount.KERNEL32(00FCB794,00000FA0,F58088C3,?,?,?,?,00F8C8E0,000000FF), ref: 00F4BAB6
            • Part of subcall function 00F4BA87: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00F8C8E0,000000FF), ref: 00F4BAC1
            • Part of subcall function 00F4BA87: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00F8C8E0,000000FF), ref: 00F4BAD2
            • Part of subcall function 00F4BA87: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00F4BAE8
            • Part of subcall function 00F4BA87: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F4BAF6
            • Part of subcall function 00F4BA87: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F4BB04
            • Part of subcall function 00F4BA87: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F4BB2F
            • Part of subcall function 00F4BA87: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F4BB3A
          • ___scrt_fastfail.LIBCMT ref: 00F4BA81
            • Part of subcall function 00F4BA41: __onexit.LIBCMT ref: 00F4BA47
          Strings
          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F4BABC
          • InitializeConditionVariable, xrefs: 00F4BAE2
          • kernel32.dll, xrefs: 00F4BACD
          • SleepConditionVariableCS, xrefs: 00F4BAEE
          • WakeAllConditionVariable, xrefs: 00F4BAFC
          Similarity
          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
          • API String ID: 66158676-1714406822
          APIs
          Similarity
          • API ID: _free$Info
          • String ID:
          • API String ID: 2509303402-0
          APIs
          Strings
          Similarity
          • API ID: numpunct$_strcspnstd::ios_base::getlocstd::locale::~locale$ctypestd::ios_base::width
          • String ID: @
          • API String ID: 4041577309-2766056989
          APIs
          • ___free_lconv_mon.LIBCMT ref: 00F84F55
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F842AA
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F842BC
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F842CE
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F842E0
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F842F2
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F84304
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F84316
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F84328
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F8433A
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F8434C
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F8435E
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F84370
            • Part of subcall function 00F8428D: _free.LIBCMT ref: 00F84382
          • _free.LIBCMT ref: 00F84F4A
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          • _free.LIBCMT ref: 00F84F6C
          • _free.LIBCMT ref: 00F84F81
          • _free.LIBCMT ref: 00F84F8C
          • _free.LIBCMT ref: 00F84FAE
          • _free.LIBCMT ref: 00F84FC1
          • _free.LIBCMT ref: 00F84FCF
          • _free.LIBCMT ref: 00F84FDA
          • _free.LIBCMT ref: 00F85012
          • _free.LIBCMT ref: 00F85019
          • _free.LIBCMT ref: 00F85036
          • _free.LIBCMT ref: 00F8504E
          Similarity
          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
          • String ID:
          • API String ID: 161543041-0
          • Opcode ID: b45f2d46e7cb9c167aa42e9bb9acee72d62627231ca39cbcb677163810622dd9
          • Instruction ID: 4c8e993060e63ebd606fa48fc847dcf0f437ec0dd76d3aff16ea32f68d78154c
          • Opcode Fuzzy Hash: b45f2d46e7cb9c167aa42e9bb9acee72d62627231ca39cbcb677163810622dd9
          • Instruction Fuzzy Hash: 75316D31A046069FDB21BA78DC45FAA7BE9EF01320F14842AF569D7162DF39BC40EB51
          APIs
          Similarity
          • API ID: _free
          • String ID:
          • API String ID: 269201875-0
          • Opcode ID: ee8262b433abc60228f1ab24dbc233c9a5525e1b22ff3d3bc0f308cdaffc2554
          • Instruction ID: f88e6b6e1fe8edfddf03bb7ffe7af3d67eeee093737cb45fb235a06130fba243
          • Opcode Fuzzy Hash: ee8262b433abc60228f1ab24dbc233c9a5525e1b22ff3d3bc0f308cdaffc2554
          • Instruction Fuzzy Hash: 36C12572D40205AFDB20EBA8CC42FEEB7FCAB09710F154165FA44FB282D674A941EB50
          APIs
            • Part of subcall function 00F3D3E0: ___std_type_info_name.LIBVCRUNTIME ref: 00F3D49E
            • Part of subcall function 00F3D3E0: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00F3D4D6
            • Part of subcall function 00F3D3E0: ___std_type_info_name.LIBVCRUNTIME ref: 00F3D509
          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00F3F169
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3F134
            • Part of subcall function 00F63085: ___unDName.LIBVCRUNTIME ref: 00F630B1
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3F19E
          Strings
          Similarity
          • API ID: ___std_type_info_name$Concurrency::task_continuation_context::task_continuation_context$Name___un
          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent$ThisObject:
          • API String ID: 4072483069-4091968653
          • Opcode ID: a11a066dc90280b1a9990fac42921e657e18e00310f33bd69f85eb5ae8076a2d
          • Instruction ID: eeb5c3d33cfb5fc6949ae5c4c8515574916a05bf1d9409e3710dd030ebbf521b
          • Opcode Fuzzy Hash: a11a066dc90280b1a9990fac42921e657e18e00310f33bd69f85eb5ae8076a2d
          • Instruction Fuzzy Hash: 4261E170904741ABC711EF34CC06B9BBBF5AF81324F004A29F5955B291EB75E948EB92
          APIs
          • MultiByteToWideChar.KERNEL32(FC45C6FF,00000000,?,000000FF,00000000,00000000,?,?,?,?,00F094EA,?,00000050,%d-%m-%Y %H:%M:%S,?), ref: 00F735F4
          • GetLastError.KERNEL32(?,?,?,00F094EA,?,00000050,%d-%m-%Y %H:%M:%S,?,?,?,?,?,?,?,00000080,00000004), ref: 00F73601
          • __dosmaperr.LIBCMT ref: 00F73608
          • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,?,?,?,?,?,00F094EA,?,00000050,%d-%m-%Y %H:%M:%S,?), ref: 00F73634
          • GetLastError.KERNEL32(?,?,?,?,00F094EA,?,00000050,%d-%m-%Y %H:%M:%S,?,?,?,?,?,?,?,00000080), ref: 00F7363E
          • __dosmaperr.LIBCMT ref: 00F73645
          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,00000050,00000000,00000000,?,?,?,?,?,?,?,00F094EA), ref: 00F73688
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00F094EA,?,00000050,%d-%m-%Y %H:%M:%S,?), ref: 00F73692
          • __dosmaperr.LIBCMT ref: 00F73699
          • _free.LIBCMT ref: 00F736A5
          • _free.LIBCMT ref: 00F736AC
          Similarity
          • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
          • String ID:
          • API String ID: 2441525078-0
          • Opcode ID: 699da68e42429211ebb43079ffee3331917ed0e4917eb11b2ad7ea9ca059bb90
          • Instruction ID: c55d98c547fef9d51bedd915a403908545d16b62fc9c8d4c79e3f7ad862dd381
          • Opcode Fuzzy Hash: 699da68e42429211ebb43079ffee3331917ed0e4917eb11b2ad7ea9ca059bb90
          • Instruction Fuzzy Hash: EC31917290460ABFDF126FA4CC45DAF3F68EF05720B14811AF85896261DB35CE10FBA2
          APIs
            • Part of subcall function 00EE2400: _WChar_traits.LIBCPMTD ref: 00EE244D
          • __fread_nolock.LIBCMT ref: 00EFB1F3
            • Part of subcall function 00F6FA12: MoveFileExW.KERNEL32(0000000C,00FC1530,00000002,?,00FC1530,0000000C,00EE3B23,00EF71FE,?,00000001), ref: 00F6FA1F
            • Part of subcall function 00F6FA12: GetLastError.KERNEL32(?,00FC1530,0000000C,00EE3B23,00EF71FE,?,00000001,?,?,?,?,?,?,?,00EF716A), ref: 00F6FA29
            • Part of subcall function 00F6FA12: __dosmaperr.LIBCMT ref: 00F6FA30
            • Part of subcall function 00EE79A0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EE79E4
          • std::ios_base::good.LIBCPMTD ref: 00EFB620
          • std::bad_exception::~bad_exception.LIBCMTD ref: 00EFB6D1
          • std::bad_exception::~bad_exception.LIBCMTD ref: 00EFB71C
          Strings
          Similarity
          • API ID: ProcessorVirtualstd::bad_exception::~bad_exception$Char_traitsConcurrency::ErrorFileLastMoveRootRoot::__dosmaperr__fread_nolockstd::ios_base::good
          • String ID: $.Mail-[$].mammn$]ID-[$r+b
          • API String ID: 1605907291-2690886246
          • Opcode ID: 9c34ba73cb08c9e3e52eb873c883c23fc1f4a66f7180249a3158c1b0c8842dc6
          • Instruction ID: d12301a33fda6061de5771cd16ccd9e74aecadfe7b543ea75a3b2ed6fc1b0b60
          • Opcode Fuzzy Hash: 9c34ba73cb08c9e3e52eb873c883c23fc1f4a66f7180249a3158c1b0c8842dc6
          • Instruction Fuzzy Hash: 76323770D002AC9BDB24DB64CC92BEDB7BAAF55304F1441E9E10977282EB746B88DF51
          APIs
          Strings
          Similarity
          • API ID: numpunctstd::ios_base::getlocstd::locale::~locale$ctypestd::ios_base::width
          • String ID: @
          • API String ID: 2775636304-2766056989
          • Opcode ID: 8740f7325f40e07777ad4e930ffab986d7f29126788b7d560a97363c1897b952
          • Instruction ID: 48e8c14be862c79dd4d8d1f0b7c09b7c80d2b0165af988119a6ee0fc3103ed13
          • Opcode Fuzzy Hash: 8740f7325f40e07777ad4e930ffab986d7f29126788b7d560a97363c1897b952
          • Instruction Fuzzy Hash: 27E13AB1A0024C9FDB14DF98C991BEEBBF5BF48304F149159F619AB291DB34AE41CB90
          APIs
          • std::make_error_code.LIBCPMTD ref: 00F3524E
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F3525B
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F35269
          • std::make_error_code.LIBCPMTD ref: 00F35290
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F3529D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F352AB
          Strings
          Similarity
          • API ID: Exception@8Throwstd::ios_base::failure::failurestd::make_error_code
          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
          • API String ID: 1223328998-1866435925
          • Opcode ID: ae363dccd79c3d5332ba2763f5ccaf801ce3e87f1629eb07f0e6e1155b5bd22e
          • Instruction ID: 7fea9213f35736f18cd7e89892d33ff017c1071c572fb00fda197dc537600a24
          • Opcode Fuzzy Hash: ae363dccd79c3d5332ba2763f5ccaf801ce3e87f1629eb07f0e6e1155b5bd22e
          • Instruction Fuzzy Hash: 8B51BF32A006089FDB10DFA5C985F9AB7F4FF44728F188169F9159B292D775ED01DB80
          APIs
          • std::make_error_code.LIBCPMTD ref: 00F350BB
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F350C8
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F350D6
          • std::make_error_code.LIBCPMTD ref: 00F350FD
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F3510A
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F35118
          Strings
          Similarity
          • API ID: Exception@8Throwstd::ios_base::failure::failurestd::make_error_code
          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
          • API String ID: 1223328998-1866435925
          • Opcode ID: 1156c5745db4e08d7392fda0e99c4a95b65dcbda21c2800d2deb5da2a48b7aa8
          • Instruction ID: 8afc702421c308cf5c863f52473dc35acf1cda1dac09ffc2ac86da7a9adbaf10
          • Opcode Fuzzy Hash: 1156c5745db4e08d7392fda0e99c4a95b65dcbda21c2800d2deb5da2a48b7aa8
          • Instruction Fuzzy Hash: 0751D072A006099FDB04DF68C981F99B7F4FF44328F188169E916AB692D736E901DBD0
          APIs
          • Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00F61519
            • Part of subcall function 00F61811: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00F61225), ref: 00F61821
          • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00F6152E
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F6153D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F6154B
          • Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 00F615D0
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F61610
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F6161E
          Strings
          Similarity
          • API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
          • String ID: pContext$switchState
          • API String ID: 3151764488-2660820399
          • Opcode ID: 33c26e3314e56f5b75828ca06a0c00fc28053c5c56fd9801f6e482be487bd80b
          • Instruction ID: 7469a5c6f9678d68bf5f7790bc8c5ee817b1abf4e1a31fec617c63746dde904f
          • Opcode Fuzzy Hash: 33c26e3314e56f5b75828ca06a0c00fc28053c5c56fd9801f6e482be487bd80b
          • Instruction Fuzzy Hash: AE31A436E00214AFCF05EF64CD81A6DB7B5BF84720B284469E91397252DB74EE01EB91
          APIs
          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00F56002
          • GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00F5600C
          • DuplicateHandle.KERNEL32(00000000), ref: 00F56013
          • SafeRWList.LIBCONCRT ref: 00F56032
            • Part of subcall function 00F53F57: __EH_prolog3.LIBCMT ref: 00F53F5E
            • Part of subcall function 00F53F57: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00F53F68
            • Part of subcall function 00F53F57: List.LIBCMT ref: 00F53F72
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F56044
          • GetLastError.KERNEL32 ref: 00F56053
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F56069
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F56077
          Strings
          Similarity
          • API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorException@8H_prolog3HandleLastLock::_ReaderSafeThrowWriteWriterstd::invalid_argument::invalid_argument
          • String ID: eventObject
          • API String ID: 3870774015-1680012138
          • Opcode ID: 640de72cb870d970a2c05ed43dd7e8f9735282d51805625bfc1fe97f2b5e76c0
          • Instruction ID: eedc18993901adebeee54e4bafab3c584f1191ac2874fadcfd5fee554ccdc000
          • Opcode Fuzzy Hash: 640de72cb870d970a2c05ed43dd7e8f9735282d51805625bfc1fe97f2b5e76c0
          • Instruction Fuzzy Hash: EA11E571A00209EACB14EBA4DC49FAE77BCAB00712F604526BA16D70E1DF74DA08E761
          APIs
          • _free.LIBCMT ref: 00F7AF75
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          • _free.LIBCMT ref: 00F7AF81
          • _free.LIBCMT ref: 00F7AF8C
          • _free.LIBCMT ref: 00F7AF97
          • _free.LIBCMT ref: 00F7AFA2
          • _free.LIBCMT ref: 00F7AFAD
          • _free.LIBCMT ref: 00F7AFB8
          • _free.LIBCMT ref: 00F7AFC3
          • _free.LIBCMT ref: 00F7AFCE
          • _free.LIBCMT ref: 00F7AFDC
          Similarity
          • API ID: _free$ErrorFreeHeapLast
          • String ID:
          • API String ID: 776569668-0
          • Opcode ID: 047dc0d91a7a821d29bb2f763931ded3b869a5130b3b840266d232201bbb07af
          • Instruction ID: 23029da6400dbab680acd86582abd87fa902a79a47bc8fd51462b41c72aa93f6
          • Opcode Fuzzy Hash: 047dc0d91a7a821d29bb2f763931ded3b869a5130b3b840266d232201bbb07af
          • Instruction Fuzzy Hash: BA119675501148EFCB06EF94CC42DED3B65EF05354B4180A6F91C8B532DB35EA50EB82
          APIs
          • QueryPerformanceCounter.KERNEL32(?), ref: 00F4736A
          • GetLastError.KERNEL32(0000000A), ref: 00F47395
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F473D6
          Strings
          • Timer: QueryPerformanceCounter failed with error , xrefs: 00F473B0
          • Timer: QueryPerformanceFrequency failed with error , xrefs: 00F4749B
          Similarity
          • API ID: CounterErrorException@8LastPerformanceQueryThrow
          • String ID: Timer: QueryPerformanceCounter failed with error $Timer: QueryPerformanceFrequency failed with error
          • API String ID: 651023626-2136607233
          • Opcode ID: 053398f018e0d308ea99bdd31423beab52019b3bb519179eac163cee23833610
          • Instruction ID: a83a384fb2849cb62905dc708d56421858e94533bcc8584adae3424b384e4a30
          • Opcode Fuzzy Hash: 053398f018e0d308ea99bdd31423beab52019b3bb519179eac163cee23833610
          • Instruction Fuzzy Hash: AA415CB5E4430CEFDB10EFA4DD46F9EBBB8FB08710F104219E915A7292DB74A504AB91
          APIs
          • UnDecorator::getArgumentList.LIBVCRUNTIME ref: 00F67038
            • Part of subcall function 00F66F22: Replicator::operator[].LIBVCRUNTIME ref: 00F66F8E
            • Part of subcall function 00F66F22: DName::operator+=.LIBVCRUNTIME ref: 00F66F96
          • DName::operator+.LIBCMT ref: 00F6708F
          • DName::DName.LIBVCRUNTIME ref: 00F670D8
          Strings
          Similarity
          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
          • API String ID: 834187326-2211150622
          • Opcode ID: 2780f7c22ec22603358b350d4f85f02558ae0cad97ae30689c318001ce4725c1
          • Instruction ID: a589a1ec2d3bea2a633869ee8fd7b7e4018e65ff16bec80baa1c21a6a0f6be92
          • Opcode Fuzzy Hash: 2780f7c22ec22603358b350d4f85f02558ae0cad97ae30689c318001ce4725c1
          • Instruction Fuzzy Hash: 41218EB8A0420CAFCB04DF1CD992FA57BE4EB46369F104154E845DB262CB75E941BB60
          APIs
          • UnDecorator::UScore.LIBVCRUNTIME ref: 00F6729B
          • DName::DName.LIBVCRUNTIME ref: 00F672A5
            • Part of subcall function 00F65BBD: DName::doPchar.LIBVCRUNTIME ref: 00F65BE4
          • UnDecorator::getScopedName.LIBVCRUNTIME ref: 00F672E4
          • DName::operator+=.LIBVCRUNTIME ref: 00F672EE
          • DName::operator+=.LIBCMT ref: 00F672FD
          • DName::operator+=.LIBCMT ref: 00F67309
          • DName::operator+=.LIBCMT ref: 00F67316
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
          • String ID: void
          • API String ID: 1480779885-3531332078
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
          • String ID:
          • API String ID: 1282221369-0
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F19118
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F1914D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F1917D
          Strings
          • ProcessData, xrefs: 00F1912F
          • : message length exceeds maximum, xrefs: 00F190E9
          • setting key and IV, xrefs: 00F1912A
          • ProcessData was called after footer input has started, xrefs: 00F1915F
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID: : message length exceeds maximum$ProcessData$ProcessData was called after footer input has started$setting key and IV
          • API String ID: 2005118841-3396553112
          APIs
            • Part of subcall function 00F05360: std::_Lockit::_Lockit.LIBCPMT ref: 00F0538D
            • Part of subcall function 00F05360: std::locale::_Getfacet.LIBCPMTD ref: 00F053B5
            • Part of subcall function 00F05360: std::_Lockit::~_Lockit.LIBCPMT ref: 00F0547D
          • numpunct.LIBCPMTD ref: 00F0C7B2
          • numpunct.LIBCPMTD ref: 00F0C7D3
          • ctype.LIBCPMTD ref: 00F0C82E
          • operator!=.LIBCPMTD ref: 00F0C841
          • operator!=.LIBCPMTD ref: 00F0C928
          • operator!=.LIBCPMTD ref: 00F0C96F
          • operator!=.LIBCPMTD ref: 00F0CA6D
          • _Find_elem.LIBCPMTD ref: 00F0CA90
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: operator!=$Lockitnumpunctstd::_$Find_elemGetfacetLockit::_Lockit::~_ctypestd::locale::_
          • String ID:
          • API String ID: 191028527-0
          APIs
          • operator!=.LIBCPMTD ref: 00F09F6E
          • operator!=.LIBCPMTD ref: 00F09F8D
          • operator!=.LIBCPMTD ref: 00F09FAC
            • Part of subcall function 00F01E10: char_traits.LIBCPMTD ref: 00F01E5D
            • Part of subcall function 00F0F5A0: Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00F0F5D8
          • std::bad_exception::~bad_exception.LIBCMTD ref: 00F0A367
          • std::bad_exception::~bad_exception.LIBCMTD ref: 00F0A41B
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F0A439
          • _Smanip.LIBCPMTD ref: 00F0A870
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F0A8E7
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: operator!=$Container_base12Container_base12::~_std::_std::bad_exception::~bad_exception$Base::ChoresConcurrency::details::GroupScheduleSegmentSmanipUnrealizedchar_traits
          • String ID: C:\$I:\$RSADecryptKey\KEY.DAT$\RSADecryptKey\KEY.DAT
          • API String ID: 1183160274-233014975
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00EE60AD
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00EE60D5
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00EE6110
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EE611E
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE619D
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID: hdz
          • API String ID: 3299565587-147092747
          APIs
          • FindSITargetTypeInstance.LIBVCRUNTIME ref: 00F657EA
          • FindMITargetTypeInstance.LIBVCRUNTIME ref: 00F65803
          • FindVITargetTypeInstance.LIBVCRUNTIME ref: 00F6580A
          • PMDtoOffset.LIBCMT ref: 00F65829
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: FindInstanceTargetType$Offset
          • String ID: Bad dynamic_cast!
          • API String ID: 1467055271-2956939130
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F13BE3
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F13C23
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F13DC1
          Strings
          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 00F13BBA
          • : invalid ciphertext, xrefs: 00F13BF7
          • PK_DefaultEncryptionFilter: plaintext too long, xrefs: 00F13D98
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long$PK_DefaultEncryptionFilter: plaintext too long
          • API String ID: 2005118841-2902848663
          APIs
          • GetCPInfo.KERNEL32(0079FE38,0079FE38,?,7FFFFFFF,?,?,00F8AEE4,0079FE38,0079FE38,?,0079FE38,?,?,?,?,0079FE38), ref: 00F8ACB7
          • MultiByteToWideChar.KERNEL32(0079FE38,00000009,0079FE38,0079FE38,00000000,00000000,?,00F8AEE4,0079FE38,0079FE38,?,0079FE38,?,?,?,?), ref: 00F8AD3A
          • MultiByteToWideChar.KERNEL32(0079FE38,00000001,0079FE38,0079FE38,00000000,00F8AEE4,?,00F8AEE4,0079FE38,0079FE38,?,0079FE38,?,?,?,?), ref: 00F8ADCD
          • MultiByteToWideChar.KERNEL32(0079FE38,00000009,0079FE38,0079FE38,00000000,00000000,?,00F8AEE4,0079FE38,0079FE38,?,0079FE38,?,?,?,?), ref: 00F8ADE4
            • Part of subcall function 00F7F17C: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F8172E,?,00000000,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7F1AE
          • MultiByteToWideChar.KERNEL32(0079FE38,00000001,0079FE38,0079FE38,00000000,0079FE38,?,00F8AEE4,0079FE38,0079FE38,?,0079FE38,?,?,?,?), ref: 00F8AE60
          • __freea.LIBCMT ref: 00F8AE8B
          • __freea.LIBCMT ref: 00F8AE97
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
          • String ID:
          • API String ID: 2829977744-0
          APIs
          • std::locale::~locale.LIBCPMTD ref: 00F0F11F
          • numpunct.LIBCPMTD ref: 00F0F141
          • numpunct.LIBCPMTD ref: 00F0F182
          • std::ios_base::getloc.LIBCPMTD ref: 00F0F0EE
            • Part of subcall function 00EF9450: std::locale::locale.LIBCPMTD ref: 00EF946A
            • Part of subcall function 00F05360: std::_Lockit::_Lockit.LIBCPMT ref: 00F0538D
            • Part of subcall function 00F05360: std::locale::_Getfacet.LIBCPMTD ref: 00F053B5
            • Part of subcall function 00F05360: std::_Lockit::~_Lockit.LIBCPMT ref: 00F0547D
          • std::ios_base::getloc.LIBCPMTD ref: 00F0F218
          • std::locale::~locale.LIBCPMTD ref: 00F0F280
          • __Stolx.LIBCPMT ref: 00F0F2BA
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Lockitnumpunctstd::_std::ios_base::getlocstd::locale::~locale$GetfacetLockit::_Lockit::~_Stolxstd::locale::_std::locale::locale
          • String ID:
          • API String ID: 1366767378-0
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: _free
          • String ID:
          • API String ID: 269201875-0
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: numpunctshared_ptrstd::ios_base::getlocstd::locale::~locale
          • String ID:
          • API String ID: 165846242-0
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Char_traitschar_traits
          • String ID:
          • API String ID: 2830450730-3916222277
          APIs
          • GetConsoleCP.KERNEL32(?,00F6DF7D,E0830C40,?,?,?,?,?,?,00F7DECD,00F49005,00F6DF7D,?,00F6DF7D,00F6DF7D,00F49005), ref: 00F7D79A
          • __fassign.LIBCMT ref: 00F7D815
          • __fassign.LIBCMT ref: 00F7D830
          • WideCharToMultiByte.KERNEL32(?,00000000,00F6DF7D,00000001,?,00000005,00000000,00000000), ref: 00F7D856
          • WriteFile.KERNEL32(?,?,00000000,00F7DECD,00000000,?,?,?,?,?,?,?,?,?,00F7DECD,00F49005), ref: 00F7D875
          • WriteFile.KERNEL32(?,00F49005,00000001,00F7DECD,00000000,?,?,?,?,?,?,?,?,?,00F7DECD,00F49005), ref: 00F7D8AE
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
          • String ID:
          • API String ID: 1324828854-0
          • Opcode ID: 0a9c49ff2270c9c8c0d04a8fa38efef5bf8126f02a7473372f0560368649e69a
          • Instruction ID: 59d2b3d0aa1d663310d6dc8e8e24e3305f4801d21beb75b6650d20f3b1aeedb3
          • Opcode Fuzzy Hash: 0a9c49ff2270c9c8c0d04a8fa38efef5bf8126f02a7473372f0560368649e69a
          • Instruction Fuzzy Hash: C35191B1E002499FDB10CFA8DC85BEEBBB4EF09310F14815BE959E7291D7709941DB62
          APIs
            • Part of subcall function 00F3D5D0: ___std_type_info_name.LIBVCRUNTIME ref: 00F3D68E
            • Part of subcall function 00F3D5D0: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00F3D6C6
            • Part of subcall function 00F3D5D0: ___std_type_info_name.LIBVCRUNTIME ref: 00F3D6F9
          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00F3F3F6
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3F3C1
            • Part of subcall function 00F63085: ___unDName.LIBVCRUNTIME ref: 00F630B1
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3F427
          Strings
          Similarity
          • API ID: ___std_type_info_name$Concurrency::task_continuation_context::task_continuation_context$Name___un
          • String ID: Modulus$PublicExponent$ThisObject:
          • API String ID: 4072483069-1616987064
          • Opcode ID: d6769db00089783ca0e184b766f653f9934e049329d154dcc31fd8868cecbebc
          • Instruction ID: 6e121dc01232adf097a0826854b5a1ed4d5681f02b8ad2f754a6de928be12cb1
          • Opcode Fuzzy Hash: d6769db00089783ca0e184b766f653f9934e049329d154dcc31fd8868cecbebc
          • Instruction Fuzzy Hash: 0D411731908341ABCB11AF34CC42B5BBBE1AF95328F04465DF88867292D776D90CD792
          APIs
          • std::_Cnd_initX.LIBCPMTD ref: 00F06982
            • Part of subcall function 00F0B070: __Cnd_init.LIBCPMT ref: 00F0B077
            • Part of subcall function 00F0B070: std::_Check_C_return.LIBCPMTD ref: 00F0B080
          • std::_Auto_cnd::_Auto_cnd.LIBCPMTD ref: 00F0699E
          • std::_Cnd_waitX.LIBCPMTD ref: 00F069B3
            • Part of subcall function 00F0D500: __Mtx_init.LIBCPMT ref: 00F0D50B
            • Part of subcall function 00F0D500: std::_Check_C_return.LIBCPMTD ref: 00F0D514
          • std::_Auto_cnd::_Auto_cnd.LIBCPMTD ref: 00F069CF
          • std::_Cnd_initX.LIBCPMTD ref: 00F069E6
            • Part of subcall function 00EF5220: std::_Check_C_return.LIBCPMTD ref: 00EF5230
          • std::_Auto_cnd::~_Auto_cnd.LIBCPMTD ref: 00F06A05
          • std::_Auto_cnd::~_Auto_cnd.LIBCPMTD ref: 00F06A14
          Similarity
          • API ID: std::_$Auto_cnd$C_returnCheck_Cnd_init$Auto_cnd::_Auto_cnd::~_$Cnd_waitMtx_init
          • String ID:
          • API String ID: 1028754979-0
          • Opcode ID: 5be14acc1dfa84908394117006446101ed6285e0bb48df3f8d38605524a69443
          • Instruction ID: 312e0c0a88b01f76249049f7925481245485295ffd9e993697a3ff596cbb31d7
          • Opcode Fuzzy Hash: 5be14acc1dfa84908394117006446101ed6285e0bb48df3f8d38605524a69443
          • Instruction Fuzzy Hash: 7D216075D001089BDB04EB98CD42BEEB7F4AF18704F5441A8E902772D2DB39AE05DBA0
          APIs
            • Part of subcall function 00F849DC: _free.LIBCMT ref: 00F84A05
          • _free.LIBCMT ref: 00F84CE3
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          • _free.LIBCMT ref: 00F84CEE
          • _free.LIBCMT ref: 00F84CF9
          • _free.LIBCMT ref: 00F84D4D
          • _free.LIBCMT ref: 00F84D58
          • _free.LIBCMT ref: 00F84D63
          • _free.LIBCMT ref: 00F84D6E
          Similarity
          • API ID: _free$ErrorFreeHeapLast
          • String ID:
          • API String ID: 776569668-0
          • Opcode ID: 799c8d95349627b7683f864eafde8b1f1602b40e217374dd2b23754633b6644b
          • Instruction ID: 229d639d8daeeb9015dd3469f6fe4a38e43cb10265958501d2829df694368a4d
          • Opcode Fuzzy Hash: 799c8d95349627b7683f864eafde8b1f1602b40e217374dd2b23754633b6644b
          • Instruction Fuzzy Hash: 78115E71941B04AAD631BBB0CC07FDB7B9CAF01750F404916F2ADA6063DB7DB524A791
          APIs
          • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00F4D153,?,?,?,00000000), ref: 00F4EAED
          • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00F4D153,?,?,?,00000000), ref: 00F4EAF3
          • GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,00F4D153,?,?,?,00000000), ref: 00F4EB20
          • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00F4D153,?,?,?,00000000), ref: 00F4EB2A
          • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00F4D153,?,?,?,00000000), ref: 00F4EB3C
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4EB52
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4EB60
          Similarity
          • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
          • String ID:
          • API String ID: 4227777306-0
          • Opcode ID: cd807b299af7c8b04f526cf661885ef6f70c6e086c468b8297d3e3d367f86d97
          • Instruction ID: 9e57e4eb9c6b16c1ae6754a4b7d133433ba721b70deb10164b39bff631844415
          • Opcode Fuzzy Hash: cd807b299af7c8b04f526cf661885ef6f70c6e086c468b8297d3e3d367f86d97
          • Instruction Fuzzy Hash: 55016731A00115A7C721BB65ED1AFAF7F78FF80B61B504416F906D6061DB74E904B7A1
          APIs
            • Part of subcall function 00F7B055: GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
            • Part of subcall function 00F7B055: _free.LIBCMT ref: 00F7B08C
            • Part of subcall function 00F7B055: SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
            • Part of subcall function 00F7B055: _abort.LIBCMT ref: 00F7B0D3
          • _memcmp.LIBVCRUNTIME ref: 00F79712
          • _free.LIBCMT ref: 00F79783
          • _free.LIBCMT ref: 00F7979C
          • _free.LIBCMT ref: 00F797CE
          • _free.LIBCMT ref: 00F797D7
          • _free.LIBCMT ref: 00F797E3
          Similarity
          • API ID: _free$ErrorLast$_abort_memcmp
          • String ID:
          • API String ID: 1679612858-0
          • Opcode ID: 8320933e67dd0fb92c4abeb224ef352cbfb9a59eab5d537130e193f61f1e4bb4
          • Instruction ID: 2fc001aea5056f0651d7d25f6c80b9b8e5fb8a5289361e0fd068b0e2c6583206
          • Opcode Fuzzy Hash: 8320933e67dd0fb92c4abeb224ef352cbfb9a59eab5d537130e193f61f1e4bb4
          • Instruction Fuzzy Hash: 36B148759052299FDB24DF18C885BADB7B4FF09314F5485AAE80DA7360E770AE80DF41
          APIs
          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00F6F450,00F6F450,?,?,?,00F80E8E,00000001,00000001,0EE85006), ref: 00F80C97
          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00F80E8E,00000001,00000001,0EE85006,?,?,?), ref: 00F80D1D
          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,0EE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F80E17
          • __freea.LIBCMT ref: 00F80E24
            • Part of subcall function 00F7F17C: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F8172E,?,00000000,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7F1AE
          • __freea.LIBCMT ref: 00F80E2D
          • __freea.LIBCMT ref: 00F80E52
          Similarity
          • API ID: ByteCharMultiWide__freea$AllocateHeap
          • String ID:
          • API String ID: 1414292761-0
          • Opcode ID: 56ca9662f086f075c1f457d4d80a3908a578089a1c64e03b77e5b40dfdb6f05c
          • Instruction ID: 34c2fae86d2bdbb21fa86efa41b78290cb0a294f4f67e9709d22e1d57f3fc730
          • Opcode Fuzzy Hash: 56ca9662f086f075c1f457d4d80a3908a578089a1c64e03b77e5b40dfdb6f05c
          • Instruction Fuzzy Hash: 9151D572A00216AFEB65AF64CC81EFF7BA9EB44760F554629FD04D6140EF34DC44A790
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F45627
          Strings
          Similarity
          • API ID: Exception@8Throw
          • String ID: Max$Min$RandomNumberType$invalid bit length
          • API String ID: 2005118841-2498579642
          • Opcode ID: f846b4c6e622047e476bd76161bd2ad12fe093f5a536b1d229c2e240f47bbf58
          • Instruction ID: 3138ffc8c7dd477d3038e3bd50466a89b8b9094a8d753374bb29332d1583775b
          • Opcode Fuzzy Hash: f846b4c6e622047e476bd76161bd2ad12fe093f5a536b1d229c2e240f47bbf58
          • Instruction Fuzzy Hash: 0602B171D0164CEFDF04DFA4C841BDEBBB5AF58314F148169F805A7242DB789A48EBA2
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00F0524D
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00F05275
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00F052B0
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F052BE
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00F0533D
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: 1387cc3cd76751ae5fbed02c264822ba57b44686ae21cea99bd5fd0714185fb7
          • Instruction ID: 7bf206538dd8e9659a0eeba5a6569d5ffddf83f49da6472c11025d5f2180164e
          • Opcode Fuzzy Hash: 1387cc3cd76751ae5fbed02c264822ba57b44686ae21cea99bd5fd0714185fb7
          • Instruction Fuzzy Hash: 04412970D0060DDFCB04DFA4D991AEEB7B0BF48710F104269E92277291DB746A05DFA1
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00F0538D
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00F053B5
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00F053F0
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F053FE
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00F0547D
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: babfb94a8590e4c6773d500200312ba6449758699ed02bdf99f8e35a1be01438
          • Instruction ID: f853059abc6fc6a0fd58fc7aa66162476ae909c6f7947805e252d31a7c207732
          • Opcode Fuzzy Hash: babfb94a8590e4c6773d500200312ba6449758699ed02bdf99f8e35a1be01438
          • Instruction Fuzzy Hash: CA410975D0060DDFCB04DFA4D991AEEB7B0EF48710F104269E92277291DB746A05DFA1
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00EE5E2D
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00EE5E55
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00EE5E90
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EE5E9E
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE5F1D
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: f71beaf418fe5f564c5122920ac91b80fbaaa1d073d40ab2655ad15d5c931a22
          • Instruction ID: 0db367b8ee385e107ea5b3e43edde1e801b1a4b31c5d83231c8ff46c7c03a3be
          • Opcode Fuzzy Hash: f71beaf418fe5f564c5122920ac91b80fbaaa1d073d40ab2655ad15d5c931a22
          • Instruction Fuzzy Hash: 0C411A71D0024DDFCB04DFA5C992AEEB7B0FF48714F104269E922B7291DB356A05DBA1
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00EE5F6D
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00EE5F95
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00EE5FD0
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EE5FDE
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE605D
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: 1cea0520b86667f3829da6adbd681621f5b6b32c1dfa30cea0323f9f7372d7a8
          • Instruction ID: 6885f8c99502e321c20d79f181aa0c90109c7b83f31d8c74e000074e59522267
          • Opcode Fuzzy Hash: 1cea0520b86667f3829da6adbd681621f5b6b32c1dfa30cea0323f9f7372d7a8
          • Instruction Fuzzy Hash: 23412970D0024DDFCB04DFA4C992AEEB7B0BF48310F104169E922B7291DB346E05DBA1
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00EE61ED
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00EE6215
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00EE6250
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EE625E
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE62DD
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: c9f8c0ddcec01e95b6467ebdfec1dfe029546ffee6e514ab5798394f8a313390
          • Instruction ID: a9083e5e0b319e19af90084b54402bfb187f1561b677017223d9d9132413b9cc
          • Opcode Fuzzy Hash: c9f8c0ddcec01e95b6467ebdfec1dfe029546ffee6e514ab5798394f8a313390
          • Instruction Fuzzy Hash: C7414C70D0024DDFCB04EFA5C992AEEB7B0FF48710F108269E92277291DB346A05DBA1
          APIs
          • std::_Lockit::_Lockit.LIBCPMT ref: 00EE646D
            • Part of subcall function 00EED050: std::_Lockit::_Lockit.LIBCPMT ref: 00EED070
            • Part of subcall function 00EED050: std::_Lockit::~_Lockit.LIBCPMT ref: 00EED09A
          • std::locale::_Getfacet.LIBCPMTD ref: 00EE6495
          • std::bad_alloc::bad_alloc.LIBCMTD ref: 00EE64D0
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EE64DE
          • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE655D
          Similarity
          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetThrowstd::bad_alloc::bad_allocstd::locale::_
          • String ID:
          • API String ID: 3299565587-0
          • Opcode ID: 3ab61b2a9623354103d74e0dee2faf59341395bff46370b21e28809896d70d02
          • Instruction ID: 5b97555d55f37032d87c0f1467a5192398eb8c5eebba682bcc25983e80c8256e
          • Opcode Fuzzy Hash: 3ab61b2a9623354103d74e0dee2faf59341395bff46370b21e28809896d70d02
          • Instruction Fuzzy Hash: 1A411B71D0024DDFCB04DFA4C992AEEB7B0FF58710F104269E92277291DB38AA05DBA1
          APIs
          • delete.LIBCONCRTD ref: 00EF1582
            • Part of subcall function 00F4BC0A: EnterCriticalSection.KERNEL32(00FCB794,?,?,?,00F33571,00FCAEB8,F58088C3,?,?,?,00000000,00F913CF,000000FF,?,00F3362C,00000001), ref: 00F4BC15
            • Part of subcall function 00F4BC0A: LeaveCriticalSection.KERNEL32(00FCB794,?,00F33571,00FCAEB8,F58088C3,?,?,?,00000000,00F913CF,000000FF,?,00F3362C,00000001), ref: 00F4BC52
          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00EF15A0
          • delete.LIBCONCRTD ref: 00EF15BD
          • SafeRWList.LIBCONCRTD ref: 00EF15DB
            • Part of subcall function 00EEAA60: std::_Mutex_base::_Mutex_base.LIBCONCRTD ref: 00EEAA6C
            • Part of subcall function 00F4BA41: __onexit.LIBCMT ref: 00F4BA47
            • Part of subcall function 00F4BBC0: EnterCriticalSection.KERNEL32(00FCB794,?,?,00F3359F,00FCAEB8,00F948A0,00000001), ref: 00F4BBCA
            • Part of subcall function 00F4BBC0: LeaveCriticalSection.KERNEL32(00FCB794,?,00F3359F,00FCAEB8,00F948A0,00000001), ref: 00F4BBFD
            • Part of subcall function 00EED670: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EED68F
            • Part of subcall function 00EFF2E0: std::locale::_Locimp::_Addfac.LIBCPMTD ref: 00EFF2F2
          • delete.LIBCONCRTD ref: 00EF1602
          • SafeRWList.LIBCONCRTD ref: 00EF161A
            • Part of subcall function 00EEBB70: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00EEBB9B
          Similarity
          • API ID: Critical$Section$delete$EnterLeaveListMutex_baseProcessorSafeVirtualstd::_$AddfacConcurrency::Concurrency::details::_Locimp::_Lock::_Mutex_base::_Mutex_base::~_ReentrantRootRoot::Scoped_lockScoped_lock::___onexitstd::locale::_
          • String ID:
          • API String ID: 2240771013-0
          • Opcode ID: bfb451b51ca9f34942e915d7955777c653982f3b6b19bd170da9c222ca184541
          • Instruction ID: ae5fd65240e399552f51c7129d780ef73abab9e70d1f4b6202c58d2c5847c0a4
          • Opcode Fuzzy Hash: bfb451b51ca9f34942e915d7955777c653982f3b6b19bd170da9c222ca184541
          • Instruction Fuzzy Hash: 23316170E0420EDBDB04DBA4D957BBEB7B0EB44714F10016DE516772C2DB745904AB56
          APIs
          • GetLastError.KERNEL32(?,?,00F6B181,00F65362,00F8B676,00000008,00F8B9F3,?,?,?,?,00F6066E,?,?,F58088C3), ref: 00F6B198
          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F6B1A6
          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F6B1BF
          • SetLastError.KERNEL32(00000000,?,00F6B181,00F65362,00F8B676,00000008,00F8B9F3,?,?,?,?,00F6066E,?,?,F58088C3), ref: 00F6B211
          Similarity
          • API ID: ErrorLastValue___vcrt_
          • String ID:
          • API String ID: 3852720340-0
          • Opcode ID: e03798cc39b833132b4237618f750fa0339b1411a770dac78ff52859c4ef29b6
          • Instruction ID: 4bd483c1cab84fb4287b23b04436c2c0f37bdc881351adf77669b34a4ded1976
          • Opcode Fuzzy Hash: e03798cc39b833132b4237618f750fa0339b1411a770dac78ff52859c4ef29b6
          • Instruction Fuzzy Hash: 9A01D43291821A6EA62527B57CAA97B3B94EB027F4724433AF190C60E1EF174D60B284
          APIs
          • GetLastError.KERNEL32(?,00000000,00F751CC,?,?,00F48334,00000000,?,?,?,00FBFD70,?,?,?,?,string too long), ref: 00F7B059
          • _free.LIBCMT ref: 00F7B08C
          • _free.LIBCMT ref: 00F7B0B4
          • SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0C1
          • SetLastError.KERNEL32(00000000,?,00FBFD70,?,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F7B0CD
          • _abort.LIBCMT ref: 00F7B0D3
          Similarity
          • API ID: ErrorLast$_free$_abort
          • String ID:
          • API String ID: 3160817290-0
          • Opcode ID: 56f9c0aa181bafb09c393e863b74e54f0a4fb078ae976a4dc7f38c18a36a119c
          • Instruction ID: 3b2cc5b1e908834952e4968ae52d3075a2b1e006f33ca00cad9214741491104f
          • Opcode Fuzzy Hash: 56f9c0aa181bafb09c393e863b74e54f0a4fb078ae976a4dc7f38c18a36a119c
          • Instruction Fuzzy Hash: AAF0A932500A0566C2323734AD0EF6F39559FC2B70B21C017F53C931A2EF2888017193
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F1463F
          Strings
          Similarity
          • API ID: Exception@8Throw
          • String ID: exceeds the maximum of $: footer length $: header length $: message length
          • API String ID: 2005118841-976070898
          • Opcode ID: 8e48eb2e39053c63c3317e584619dc9f47fc9229738a915606c1090847de807f
          • Instruction ID: d1ee8239d4ca9e6495235700010a94f19768ac5a7286ce078608badea5fac7fb
          • Opcode Fuzzy Hash: 8e48eb2e39053c63c3317e584619dc9f47fc9229738a915606c1090847de807f
          • Instruction Fuzzy Hash: 95A16F75A0028CAFDB21DFA4CC85FDEBBECAF58300F144459F945E7242DA74AA449BA1
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F148B6
          Strings
          Similarity
          • API ID: Exception@8Throw
          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
          • API String ID: 2005118841-1273958906
          • Opcode ID: 75284e8f2ca2eef58f3d57f4d21ad9eb87bfbea51373d24201b8ea55753f0c0e
          • Instruction ID: f53a4eae2da44da5f9f786f2613f38db180a564b1694fab960d89476b7de1c76
          • Opcode Fuzzy Hash: 75284e8f2ca2eef58f3d57f4d21ad9eb87bfbea51373d24201b8ea55753f0c0e
          • Instruction Fuzzy Hash: FB517075A01358ABDB11EBA4CC49FDEBBFCAF19300F104599F509E3242DB749B449BA1
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F174CC
          Strings
          • StreamTransformationFilter: W3C_PADDING cannot be used with , xrefs: 00F173B0
          • BlockPaddingScheme, xrefs: 00F17346
          • StreamTransformationFilter: ONE_AND_ZEROS_PADDING cannot be used with , xrefs: 00F173E9
          • StreamTransformationFilter: PKCS_PADDING cannot be used with , xrefs: 00F174A8
          Similarity
          • API ID: Exception@8Throw
          • String ID: BlockPaddingScheme$StreamTransformationFilter: ONE_AND_ZEROS_PADDING cannot be used with $StreamTransformationFilter: PKCS_PADDING cannot be used with $StreamTransformationFilter: W3C_PADDING cannot be used with
          • API String ID: 2005118841-406985018
          • Opcode ID: f40d1ab3f3b033e7f8bd17a74109c7aaa5853a3a410fc8d167e44ae4fdb8d2de
          • Instruction ID: 0f3b4761049da7998e231e11eaa8266941ee188cd5399cb5c6ca2a86d6561699
          • Opcode Fuzzy Hash: f40d1ab3f3b033e7f8bd17a74109c7aaa5853a3a410fc8d167e44ae4fdb8d2de
          • Instruction Fuzzy Hash: 15518975A04319EBDB10EF64C884FDABBB4BF49710F004599E809A7291DB31AE84EB91
          APIs
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3D68E
          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00F3D6C6
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3D6F9
          Strings
          Similarity
          • API ID: ___std_type_info_name$Concurrency::task_continuation_context::task_continuation_context
          • String ID: ThisPointer:$ValueNames
          • API String ID: 219333310-2375088429
          • Opcode ID: ad90c2c981fefff19a933261a3186ea47cba908470be509a6bbfd124168e816f
          • Instruction ID: 09629929755d783f28cca0b9a14d5a35eeb09eca9ced0be7a8e7c215bcaf4437
          • Opcode Fuzzy Hash: ad90c2c981fefff19a933261a3186ea47cba908470be509a6bbfd124168e816f
          • Instruction Fuzzy Hash: 135156307043419BC7209F24AD82F23BBE6AF55768F04495CF9D987242D763ED18E762
          APIs
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3D49E
          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00F3D4D6
          • ___std_type_info_name.LIBVCRUNTIME ref: 00F3D509
          Strings
          Similarity
          • API ID: ___std_type_info_name$Concurrency::task_continuation_context::task_continuation_context
          • String ID: ThisPointer:$ValueNames
          • API String ID: 219333310-2375088429
          • Opcode ID: 668da8eadea5d1c3781ed2f8a004edea0edaf652605f487e60b0ef9e4880606c
          • Instruction ID: 77e6681d6ec9892e5f12208bc020a4d59dee574ca43801e5746db7f71c509073
          • Opcode Fuzzy Hash: 668da8eadea5d1c3781ed2f8a004edea0edaf652605f487e60b0ef9e4880606c
          • Instruction Fuzzy Hash: FB5104316043419BCB20DF24ED82E67BBE5AF55728F08496CF98987242D773ED08E752
          APIs
            • Part of subcall function 00EFC240: _Max_value.LIBCPMTD ref: 00EFC276
            • Part of subcall function 00EFC240: _Min_value.LIBCPMTD ref: 00EFC29C
          • allocator.LIBCONCRTD ref: 00EE4FFB
          • allocator.LIBCONCRTD ref: 00EE506D
          • construct.LIBCPMTD ref: 00EE50AD
          Strings
          Similarity
          • API ID: allocator$Max_valueMin_valueconstruct
          • String ID: g$g
          • API String ID: 3172100163-1725961578
          • Opcode ID: 430a3ca184d7a4b8921b0db79d0fb125aa6787fb52e6057ae23070c1d813c1a5
          • Instruction ID: 25cd816967c7a97697d9f54eb2cda89345a5059667d80fb0a8112b0c01d1c8a9
          • Opcode Fuzzy Hash: 430a3ca184d7a4b8921b0db79d0fb125aa6787fb52e6057ae23070c1d813c1a5
          • Instruction Fuzzy Hash: 8D4193B5E0010DAFCB48DFA9D8919EEB7B5FF88300F109559E919B7355DB30AA00CBA1
          APIs
          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\12.exe,00000104), ref: 00F77941
          • _free.LIBCMT ref: 00F77A0C
          • _free.LIBCMT ref: 00F77A16
          Strings
          Similarity
          • API ID: _free$FileModuleName
          • String ID: 0&y$C:\Users\user\Desktop\12.exe
          • API String ID: 2506810119-3740557232
          • Opcode ID: e02a668051a7d32a63032687aab5dc96003a98770e95114d019a619a53d2c78e
          • Instruction ID: 64371120531210a7b92f0f83a3bb64a977e22784ba42710400bdff435959e5a6
          • Opcode Fuzzy Hash: e02a668051a7d32a63032687aab5dc96003a98770e95114d019a619a53d2c78e
          • Instruction Fuzzy Hash: 4F31B571E15318AFEB21EB998C82E9EBBBCEB85710F10806BE54897211D7744E40FB51
          APIs
          • std::ios_base::good.LIBCPMTD ref: 00EF5662
          • std::ios_base::good.LIBCPMTD ref: 00EF56DF
          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EF5718
          Strings
          Similarity
          • API ID: std::ios_base::good$Concurrency::task_continuation_context::task_continuation_context
          • String ID: ", "$: "
          • API String ID: 926726489-747220369
          • Opcode ID: 13958f328627751fd02e34a8c1e2146d58d33eb420547423a42ecfa6f8d38cc5
          • Instruction ID: 639db09cc1c6ebd40c3d8788a2e849b34f8d6c407bd5255e33c1240eabc503d5
          • Opcode Fuzzy Hash: 13958f328627751fd02e34a8c1e2146d58d33eb420547423a42ecfa6f8d38cc5
          • Instruction Fuzzy Hash: 65415E7281019CDACB04EF95CC52BEEB7B8FF14314F445129E506B7292EF716A49CBA1
          APIs
            • Part of subcall function 00EFC2C0: _Max_value.LIBCPMTD ref: 00EFC2F6
            • Part of subcall function 00EFC2C0: _Min_value.LIBCPMTD ref: 00EFC31C
          • allocator.LIBCONCRTD ref: 00EE4C2B
          • allocator.LIBCPMTD ref: 00EE4C95
          • construct.LIBCPMTD ref: 00EE4CCD
          Strings
          Similarity
          • API ID: allocator$Max_valueMin_valueconstruct
          • String ID: $
          • API String ID: 3172100163-1760928858
          • Opcode ID: b8e0be31b8087a0ffcdb6de0668deb06480539e3c479bc678c5b9e3c7063dff7
          • Instruction ID: bbbc83b657762f4390b6a54be2fd841ef1d089ba59a299ff7332697618c692f5
          • Opcode Fuzzy Hash: b8e0be31b8087a0ffcdb6de0668deb06480539e3c479bc678c5b9e3c7063dff7
          • Instruction Fuzzy Hash: 6041A5B5E0010DAFCB48DFA9D8918EEB7F5FF88300B109569E516B7355DB30AA00CBA5
          APIs
            • Part of subcall function 00EFC240: _Max_value.LIBCPMTD ref: 00EFC276
            • Part of subcall function 00EFC240: _Min_value.LIBCPMTD ref: 00EFC29C
          • allocator.LIBCONCRTD ref: 00EE4EBB
          • allocator.LIBCONCRTD ref: 00EE4F25
          • construct.LIBCPMTD ref: 00EE4F5D
          Strings
          Similarity
          • API ID: allocator$Max_valueMin_valueconstruct
          • String ID: [$[
          • API String ID: 3172100163-1962798049
          • Opcode ID: 730ac209ee0b95bb9531eacdbd9a8e8fb5366f68cb19901ca7f31ab5906be03f
          • Instruction ID: 7d310cfeffc811c702695ae180fe8d873b0a2b1412c94d96fe42edfd2bd1a7eb
          • Opcode Fuzzy Hash: 730ac209ee0b95bb9531eacdbd9a8e8fb5366f68cb19901ca7f31ab5906be03f
          • Instruction Fuzzy Hash: 9841A4B5E0010DAFCB48DFA9D8918EEB7B5FF88300B109569E515B7351DB30AA40CBA5
          APIs
            • Part of subcall function 00EFC2C0: _Max_value.LIBCPMTD ref: 00EFC2F6
            • Part of subcall function 00EFC2C0: _Min_value.LIBCPMTD ref: 00EFC31C
          • allocator.LIBCONCRTD ref: 00EE42C6
          • allocator.LIBCPMTD ref: 00EE431B
          • construct.LIBCPMTD ref: 00EE433F
          Strings
          Similarity
          • API ID: allocator$Max_valueMin_valueconstruct
          • String ID: rl$rl
          • API String ID: 3172100163-3070577822
          • Opcode ID: c88047d102682267f49f8083c735ce57e6cee6c21af769bcd8cb747b3976cbb2
          • Instruction ID: e5e6e91c7bb18e5bd68bec4dce2a70c3ac3957d7b59a8819a71331da81bfbbe5
          • Opcode Fuzzy Hash: c88047d102682267f49f8083c735ce57e6cee6c21af769bcd8cb747b3976cbb2
          • Instruction Fuzzy Hash: 0131CAB5E1010DAFCB44EFA9D8929AEB7B5FF88300B10956DE915A7351DB30AA40CB91
          APIs
            • Part of subcall function 00EFC240: _Max_value.LIBCPMTD ref: 00EFC276
            • Part of subcall function 00EFC240: _Min_value.LIBCPMTD ref: 00EFC29C
          • allocator.LIBCONCRTD ref: 00EE43C6
          • allocator.LIBCONCRTD ref: 00EE441B
          • construct.LIBCPMTD ref: 00EE443F
          Strings
          Similarity
          • API ID: allocator$Max_valueMin_valueconstruct
          • String ID: j$j
          • API String ID: 3172100163-170249305
          • Opcode ID: df4ec9ed16b69307a72f4966651edb83cc9d0b053e3b2c88a5664d43e89cdfed
          • Instruction ID: 549fd082ba2ec324f70be22cec1e9de26c229c85ff805b22e494c79b0bb050f4
          • Opcode Fuzzy Hash: df4ec9ed16b69307a72f4966651edb83cc9d0b053e3b2c88a5664d43e89cdfed
          • Instruction Fuzzy Hash: CF31CCB5E1010DEFCB44DFA9D8919AEB7B5FF48300B10956DE915B7391DB30AA40CB91
          APIs
            • Part of subcall function 00EF7130: std::ios_base::clear.LIBCPMTD ref: 00EF7165
          • std::make_error_code.LIBCPMTD ref: 00F34211
            • Part of subcall function 00EFC200: std::generic_category.LIBCPMTD ref: 00EFC203
            • Part of subcall function 00EFC200: _Smanip.LIBCPMTD ref: 00EFC210
          • std::ios_base::failure::failure.LIBCPMTD ref: 00F34222
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F34206
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F34230
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F342CD
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F342E3
          Strings
          Similarity
          • API ID: Exception@8Throw$ExceptionRaiseSmanipstd::generic_categorystd::ios_base::clearstd::ios_base::failure::failurestd::make_error_code
          • String ID: ios_base::badbit set
          • API String ID: 2251910535-3882152299
          • Opcode ID: c535579ea59d9369c9186faa89d7a633e0a7bb82d456df7cc0e2df3a47a9af76
          • Instruction ID: ce809b6d47a5cb012c8d85d1fd17ca4fe4e752d5fc5d8e0074f38fb0e8461574
          • Opcode Fuzzy Hash: c535579ea59d9369c9186faa89d7a633e0a7bb82d456df7cc0e2df3a47a9af76
          • Instruction Fuzzy Hash: F021BE31A40708AFDB14EFA8DD42FAAB3B4FF05710F044659F911A7682DB74B900CB91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00EF3D9F
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00EF3DA8
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • ctype.LIBCPMTD ref: 00EF3DD2
            • Part of subcall function 00EE8560: std::bad_exception::bad_exception.LIBCMTD ref: 00EE858D
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00EF3E0E
          Strings
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_std::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwctypestd::locale::c_str
          • String ID: Eb
          • API String ID: 1422144976-3006133623
          • Opcode ID: e8cd48879c7cd0d9e40f6bfd3718d132793c6aad63d15ba3d044a3feddefb08a
          • Instruction ID: 1cd52f58a83019d9e8ccb335e11dc8adaaaedf8be1a24c972eb7b292ea85cf7a
          • Opcode Fuzzy Hash: e8cd48879c7cd0d9e40f6bfd3718d132793c6aad63d15ba3d044a3feddefb08a
          • Instruction Fuzzy Hash: 5F31F4B0D0420DDFDB14DF98C942BAEBBB0FB48314F208269E525BB390D775AA44CB91
          APIs
          • GetLastError.KERNEL32 ref: 00F496C1
          • GetFileInformationByHandle.KERNEL32(?,?), ref: 00F496D1
          • GetLastError.KERNEL32 ref: 00F496E5
          Strings
          Similarity
          • API ID: ErrorLast$FileHandleInformation
          • String ID: GetFileInformationByHandleEx$kernel32.dll
          • API String ID: 514658993-1782754588
          • Opcode ID: f7254dfd6f52b1d536ee68e2735750152c43585ac363f24e6369eeae7ce2cfce
          • Instruction ID: 5ea842f2bb818259ae981a7356bf1743460c08429af10f1fb093cde354e3d266
          • Opcode Fuzzy Hash: f7254dfd6f52b1d536ee68e2735750152c43585ac363f24e6369eeae7ce2cfce
          • Instruction Fuzzy Hash: C9110075B04209AFDB00DF65DD86EAFBFB8BB09B10B514026E905D7250DB74D901ABA1
          Strings
          Similarity
          • API ID:
          • String ID: ios_base::badbit set
          • API String ID: 0-3882152299
          • Opcode ID: 9e55171ab634a88c0acab01f33ecd8183ed15010f5804e36c2daaf87918ca726
          • Instruction ID: acca9e88e5e29db092fe040bc1250b958dbfaef54e3d2a806934199f7a947033
          • Opcode Fuzzy Hash: 9e55171ab634a88c0acab01f33ecd8183ed15010f5804e36c2daaf87918ca726
          • Instruction Fuzzy Hash: F3F06271A00604AFEB04EB54EC87F6C33A4AB04714F594069F206EB292C775F900DB95
          APIs
          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F777B7,00000000,?,00F77757,00000000,00FC15D0,0000000C,00F778AE,00000000,00000002), ref: 00F77826
          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F77839
          • FreeLibrary.KERNEL32(00000000,?,?,?,00F777B7,00000000,?,00F77757,00000000,00FC15D0,0000000C,00F778AE,00000000,00000002), ref: 00F7785C
          Strings
          Similarity
          • API ID: AddressFreeHandleLibraryModuleProc
          • String ID: CorExitProcess$mscoree.dll
          • API String ID: 4061214504-1276376045
          • Opcode ID: ed495ed14ca0050582e055d35dadfccc95d6dbe0936c347c990f57433d5f2a26
          • Instruction ID: 8b08df2c06ef25c894d505b4cfe6f58d1caae5f0501765c84e839b20ef62deea
          • Opcode Fuzzy Hash: ed495ed14ca0050582e055d35dadfccc95d6dbe0936c347c990f57433d5f2a26
          • Instruction Fuzzy Hash: 5BF0A430A1020CBBCB115B91DC09B9EBFB4EF04B11F1040AAB809A6160CF308E40EB92
          APIs
          • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 00F597B4
          • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 00F597D8
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F597EB
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F597F9
          Strings
          Similarity
          • API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
          • String ID: pScheduler
          • API String ID: 3657713681-923244539
          • Opcode ID: 64e65754774db1a5cb40850be23395270841be46cfbadad30a9dfc8ba2b4a01a
          • Instruction ID: 014072389f788be1c6c32c9e50354a7c76a65daea46aee65d389646ca3075f5b
          • Opcode Fuzzy Hash: 64e65754774db1a5cb40850be23395270841be46cfbadad30a9dfc8ba2b4a01a
          • Instruction Fuzzy Hash: 1DF02B35900504E7C718EA10EC52D9EB7649F85B21310452AAD0613142DFB4EA0AE6D1
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8c6537e0b59727bab86850a177ab85699f0e6754ecd6ad60b3c5748a0a1076fb
          • Instruction ID: 6a7dc5804085852cc38b6e8e7afcd12dc7d35ed6c07e8a2b6f01746bb866200b
          • Opcode Fuzzy Hash: 8c6537e0b59727bab86850a177ab85699f0e6754ecd6ad60b3c5748a0a1076fb
          • Instruction Fuzzy Hash: 3171C431E0025ADBDB218F95CC44ABFBBB5EF46360F14822BE45967290D770AD41E7A3
          APIs
          Similarity
          • API ID: _free
          • String ID:
          • API String ID: 269201875-0
          • Opcode ID: fb485845ae884c7dd375c52415696604a94f8f9424f6574e58f00b2b0a8f0d37
          • Instruction ID: 8686dffd37985d0f0cd91376f05b133557591abdf24fdcc48a47b3e20237d49a
          • Opcode Fuzzy Hash: fb485845ae884c7dd375c52415696604a94f8f9424f6574e58f00b2b0a8f0d37
          • Instruction Fuzzy Hash: BC41F332E002049FCB10DF78CC85A6DB7F5EF85724F5585AAE919EB251DB70AE02EB41
          APIs
          Similarity
          • API ID: char_traits
          • String ID:
          • API String ID: 1158913984-0
          • Opcode ID: db92f29e8dc85207a10dcd2f62dcb5b7af1225133f1c30f3f7292ecab69c9db1
          • Instruction ID: 51f4a1d86584f82fd9b0b5599f06603509d921f4882691c4f139495664480bac
          • Opcode Fuzzy Hash: db92f29e8dc85207a10dcd2f62dcb5b7af1225133f1c30f3f7292ecab69c9db1
          • Instruction Fuzzy Hash: 604153B6D0411DABCF04EBA4DC919FE7BB6AF60304F049169E6067B242EF319A45CB91
          APIs
          Similarity
          • API ID: char_traits$Char_traits
          • String ID:
          • API String ID: 2319263282-0
          • Opcode ID: 4de5aa97fe6521210d2a6efb3011edd1880264afad6e2766fd29117350dfee28
          • Instruction ID: 487619e6ce8d0b64c72d2bea27ed57ca954f231337b0fca83b8b89c8e48a5d93
          • Opcode Fuzzy Hash: 4de5aa97fe6521210d2a6efb3011edd1880264afad6e2766fd29117350dfee28
          • Instruction Fuzzy Hash: 5D416279D0010CAACF04EBA0D8919FE77B5AF90304F54A16AEA157B352EF31AE04CB91
          APIs
          • _SpinWait.LIBCONCRT ref: 00F577E5
            • Part of subcall function 00F4D54A: _SpinWait.LIBCONCRT ref: 00F4D562
          • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00F577F9
          • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00F5782B
          • List.LIBCMT ref: 00F578AE
          • List.LIBCMT ref: 00F578BD
          Similarity
          • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
          • String ID:
          • API String ID: 3281396844-0
          • Opcode ID: ff50538196e31ad48777ca6d9ed29fa0df5b52237d0741d0d4a47883a077467e
          • Instruction ID: 830e09c0f6f3a95dc892c9d02cba6894b1703961092fcc2e9d07633b9452e8fb
          • Opcode Fuzzy Hash: ff50538196e31ad48777ca6d9ed29fa0df5b52237d0741d0d4a47883a077467e
          • Instruction Fuzzy Hash: 8C317772D09715DBCB14EFA4E9416ECBBB1BF0431AB28006ADE0137242CB746908EBA0
          APIs
          • Concurrency::details::VirtualProcessor::IsAvailable.LIBCMTD ref: 00F0F7BC
          • std::_Throw_Cpp_error.LIBCPMT ref: 00F0F7CA
            • Part of subcall function 00F495C6: std::generic_category.LIBCPMTD ref: 00F495D7
            • Part of subcall function 00F495C6: std::system_error::system_error.LIBCPMT ref: 00F495E7
            • Part of subcall function 00F495C6: __CxxThrowException@8.LIBVCRUNTIME ref: 00F495F5
          • std::_Throw_Cpp_error.LIBCPMT ref: 00F0F7F5
          • std::_Throw_Cpp_error.LIBCPMT ref: 00F0F838
          • std::_Throw_Cpp_error.LIBCPMT ref: 00F0F85A
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Cpp_errorThrow_std::_$AvailableConcurrency::details::Exception@8Processor::ThrowVirtualstd::generic_categorystd::system_error::system_error
          • String ID:
          • API String ID: 272441680-0
          • Opcode ID: 324499b0c2d967cbd9662792196b2673cf69da478bc2950ee8c9c10342896fa2
          • Instruction ID: 33f67ee909126f2cc4470e739f4faafd6614c8087f3c6cdd485d7ed3d595560d
          • Opcode Fuzzy Hash: 324499b0c2d967cbd9662792196b2673cf69da478bc2950ee8c9c10342896fa2
          • Instruction Fuzzy Hash: A521CCB5E042096BDB10DBA1DC42BAFBBB45F04300F0440B8E945AB3C2E775DA49E792
          APIs
          • GetEnvironmentStringsW.KERNEL32 ref: 00F838B2
          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F838D5
            • Part of subcall function 00F7F17C: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F8172E,?,00000000,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7F1AE
          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F838FB
          • _free.LIBCMT ref: 00F8390E
          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F8391D
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
          • String ID:
          • API String ID: 336800556-0
          • Opcode ID: ae33e2555d6e06914673649132cf1a04222e6dd9d052da329e3c824aaa2396ff
          • Instruction ID: 57e122ae600800e94604865d1e6b6ac4a0f7d740a2bab0678583c1f8657f9bea
          • Opcode Fuzzy Hash: ae33e2555d6e06914673649132cf1a04222e6dd9d052da329e3c824aaa2396ff
          • Instruction Fuzzy Hash: 260179739016157B67222B665C8CCBF796EDAC6FA03154129F904D2121DBA4CE01A7B0
          APIs
          • GetLastError.KERNEL32(?,?,?,00F6C967,00F8174C,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F,?,00000000), ref: 00F7B0DE
          • _free.LIBCMT ref: 00F7B113
          • _free.LIBCMT ref: 00F7B13A
          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00F7B147
          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00F7B150
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: ErrorLast$_free
          • String ID:
          • API String ID: 3170660625-0
          • Opcode ID: b70fed6d9896f701d63a63e71f3ed51a15546f51b381da313e43a1e163798fb1
          • Instruction ID: 09330802c2957364b40f341d80bcef5417584f37b5a92d3e164ee4cd99e32509
          • Opcode Fuzzy Hash: b70fed6d9896f701d63a63e71f3ed51a15546f51b381da313e43a1e163798fb1
          • Instruction Fuzzy Hash: 33012D33600A052783132B346D5AF6B3669DFC3B70761C02BF41D922A2EFBC880171A3
          APIs
          • std::_Auto_cnd::_Auto_cnd.LIBCPMTD ref: 00F0741F
          • std::_Auto_cnd::_Auto_cnd.LIBCPMTD ref: 00F07438
          • std::_Cnd_initX.LIBCPMTD ref: 00F07444
            • Part of subcall function 00EF5240: __Mtx_unlock.LIBCPMT ref: 00EF5247
            • Part of subcall function 00EF5240: std::_Check_C_return.LIBCPMTD ref: 00EF5250
          • std::_Auto_cnd::~_Auto_cnd.LIBCPMTD ref: 00F0744F
          • std::_Auto_cnd::~_Auto_cnd.LIBCPMTD ref: 00F07457
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: std::_$Auto_cnd$Auto_cnd::_Auto_cnd::~_$C_returnCheck_Cnd_initMtx_unlock
          • String ID:
          • API String ID: 2679331167-0
          • Opcode ID: da6bc5393b7a8227182e5e10b19d344df984cccda52226d9cccef8f1adebaa5c
          • Instruction ID: 0ae51b91ecc1c567f6b83a7ecd45e0e34d0fb8284f3870cb2b04a9d7c8486477
          • Opcode Fuzzy Hash: da6bc5393b7a8227182e5e10b19d344df984cccda52226d9cccef8f1adebaa5c
          • Instruction Fuzzy Hash: 6D113C759101089BCB04EB94CD92EEEF7B4FB08700F404669E916A72D1DF35AE04DB90
          APIs
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F1168E
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F1169A
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116A6
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116D0
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116EB
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Container_base12Container_base12::~_std::_
          • String ID:
          • API String ID: 1531518832-0
          • Opcode ID: ad1f7342b2850b9cb8fa2a928d15d1cbb5815063f3f0441e4b2539a2e9d06cea
          • Instruction ID: 10690b5b6097d4ca72a813b37ef184362fcc904060d576fb20cda303561052c9
          • Opcode Fuzzy Hash: ad1f7342b2850b9cb8fa2a928d15d1cbb5815063f3f0441e4b2539a2e9d06cea
          • Instruction Fuzzy Hash: 9511073080928DDADB15EBA4D9557EEBBB0AF21304F6040E8D0466B1D3DB742F49EB92
          APIs
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F1168E
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F1169A
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116A6
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116D0
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00F116EB
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Container_base12Container_base12::~_std::_
          • String ID:
          • API String ID: 1531518832-0
          • Opcode ID: 41da91c4660b14c1a410623407a4f698f632bcff28e1037c7e192f103a49e27f
          • Instruction ID: f07c51915254d581eae5eb46585594c78a0ef2e676ccd4dfa20c99796f5f4f6a
          • Opcode Fuzzy Hash: 41da91c4660b14c1a410623407a4f698f632bcff28e1037c7e192f103a49e27f
          • Instruction Fuzzy Hash: 4D11073080928DDADB15EBA4D9557EEBBB0AF21304F6040E8D0466B1D3DB742F49EB92
          APIs
            • Part of subcall function 00F4EE2A: TlsGetValue.KERNEL32(?,?,00F4D175,00F4F362,00000000,?,00F4D153,?,?,?,00000000,?,00000000), ref: 00F4EE30
          • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00F54150
            • Part of subcall function 00F5DAA6: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00F5DACD
            • Part of subcall function 00F5DAA6: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00F5DAE6
            • Part of subcall function 00F5DAA6: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00F5DB5C
            • Part of subcall function 00F5DAA6: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00F5DB64
          • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00F5415E
          • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00F54168
          • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00F54172
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F54190
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
          • String ID:
          • API String ID: 4266703842-0
          • Opcode ID: 2d0845a556e57eafd22006f6889eef68e5fe1edb2fb4e24621f57dd387a6f6d1
          • Instruction ID: 95db660e19ff1405b224599efd6537112052559af3d083290fbc02b2ee6bd904
          • Opcode Fuzzy Hash: 2d0845a556e57eafd22006f6889eef68e5fe1edb2fb4e24621f57dd387a6f6d1
          • Instruction Fuzzy Hash: 0DF08131A00918A7CB15B7359C12D5EB7799FD1B21B000129FE0043256DF6CAE4EBBC1
          APIs
          • _free.LIBCMT ref: 00F84764
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          • _free.LIBCMT ref: 00F84776
          • _free.LIBCMT ref: 00F84788
          • _free.LIBCMT ref: 00F8479A
          • _free.LIBCMT ref: 00F847AC
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: _free$ErrorFreeHeapLast
          • String ID:
          • API String ID: 776569668-0
          • Opcode ID: 4badd1bd577e3567cf65b702eded6c771cc4119ce1f0c011713f0eef2780c23a
          • Instruction ID: 1f8bfa6964941f2a0f3a77a8d790e343782c2cb66b4391c1cfa138550f548f02
          • Opcode Fuzzy Hash: 4badd1bd577e3567cf65b702eded6c771cc4119ce1f0c011713f0eef2780c23a
          • Instruction Fuzzy Hash: 0AF096329022546BCA20FB64FDC7D9E77DDEA02764394880AF069D7521C734FC80B765
          APIs
          • __EH_prolog3.LIBCMT ref: 00F4D6E4
          • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 00F4D704
            • Part of subcall function 00F4CF5C: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00F4CF7E
            • Part of subcall function 00F4CF5C: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00F4CF9F
          • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00F4D717
          • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 00F4D723
          • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00F4D72C
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefH_prolog3LibraryLoadRegisterSchedulerSwitch_to_active
          • String ID:
          • API String ID: 1236927926-0
          • Opcode ID: bd171ffaa4332ddf3c78c00a8ad48515f6a1a9c169d865524123661f2a6ae990
          • Instruction ID: 084cc5dbc05c0d9a8aa19ef355a6ba8e566e4cce1a1a79823a85cefdff910870
          • Opcode Fuzzy Hash: bd171ffaa4332ddf3c78c00a8ad48515f6a1a9c169d865524123661f2a6ae990
          • Instruction Fuzzy Hash: D7F0E97160130567DF547EB44C82ABD3ED65F843A0B184139FD129B3C2DE798E0172E4
          APIs
          • _free.LIBCMT ref: 00F7838E
            • Part of subcall function 00F7B207: HeapFree.KERNEL32(00000000,00000000,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?), ref: 00F7B21D
            • Part of subcall function 00F7B207: GetLastError.KERNEL32(?,?,00F84A0A,?,00000000,?,00000000,?,00F84CAE,?,00000007,?,?,00F850A9,?,?), ref: 00F7B22F
          • _free.LIBCMT ref: 00F783A0
          • _free.LIBCMT ref: 00F783B3
          • _free.LIBCMT ref: 00F783C4
          • _free.LIBCMT ref: 00F783D5
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: _free$ErrorFreeHeapLast
          • String ID:
          • API String ID: 776569668-0
          • Opcode ID: 04926541f0e0fd7c15ed067b4c9a507c4947efad2183c9d349b635cd8e57c52b
          • Instruction ID: 8eeadfd5dd0a5520433ce00baf70b18367f834292286d162d7260a6b7487ad69
          • Opcode Fuzzy Hash: 04926541f0e0fd7c15ed067b4c9a507c4947efad2183c9d349b635cd8e57c52b
          • Instruction Fuzzy Hash: B2F0D0759012189BC6527F64EE43DA83B60E706764701850BF46857372C7350955FFC2
          APIs
          • Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 00F5964C
            • Part of subcall function 00F4FD8D: __EH_prolog3.LIBCMT ref: 00F4FD94
          • Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 00F5967D
          • GetCurrentThread.KERNEL32 ref: 00F59686
          • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 00F59699
          • Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 00F596A2
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedH_prolog3LevelManager::Thread
          • String ID:
          • API String ID: 1830408045-0
          • Opcode ID: 1dd99b0574e88d8c80bc2756a718e676eae4d9df325b6e78eb4b60bb091460b4
          • Instruction ID: 427ad593396de453fb984e8fc87a51f1da0caaeb601365e360b6d0744a558e49
          • Opcode Fuzzy Hash: 1dd99b0574e88d8c80bc2756a718e676eae4d9df325b6e78eb4b60bb091460b4
          • Instruction Fuzzy Hash: 07F082322005009B8629EF20ED2087A77B6AFD4711358061DEE4746651CF25A81EFB22
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: __freea
          • String ID: a/p$am/pm
          • API String ID: 240046367-3206640213
          • Opcode ID: ece473d7aaf03b8729bbf0378a833955b6f34956eebbddc500e61ca60c74b907
          • Instruction ID: 340da8f84f692d58de39d336d95fac114ed91c189e7e8572e38afee44e31a086
          • Opcode Fuzzy Hash: ece473d7aaf03b8729bbf0378a833955b6f34956eebbddc500e61ca60c74b907
          • Instruction Fuzzy Hash: 0BD1F332D283069ACB24AF68C855BBAB7B1FF05320F24C15BE94D9B251D3759D40FB92
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F3C577
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_ee0000_12.jbxd
          Similarity
          • API ID: Exception@8Throw
          • String ID: 0$0$RoundUpToMultipleOf: integer overflow
          • API String ID: 2005118841-3133548746
          • Opcode ID: c300a378371e566c803b1f1edde408ccbf87238fe848b1779fd7946bd1409294
          • Instruction ID: ab15d871f64365b7e7fd2423a9c123adf1f558fbbf61c0c50d77c050b2555f03
          • Opcode Fuzzy Hash: c300a378371e566c803b1f1edde408ccbf87238fe848b1779fd7946bd1409294
          • Instruction Fuzzy Hash: D4C1AF71E002089FDB24DFA8CC95FEEBBB4EF14710F10416DE51AA7282DB74A949CB91
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: __cftoe$Exception@8Throw
          • String ID: StringNarrow: wcstombs_s() call failed with error
          • API String ID: 3925382403-1818402112
          • Opcode ID: 6b1cd3e4219be012a1468eb6f2a4db9462d8f36371c236f6334a5df60573cc98
          • Instruction ID: bb2999f3587fa915340b12490a1d383a2a986ee8e2c1e76fd21e32a47a2e2582
          • Opcode Fuzzy Hash: 6b1cd3e4219be012a1468eb6f2a4db9462d8f36371c236f6334a5df60573cc98
          • Instruction Fuzzy Hash: 6A519971D00249DBDF20DFA4C845BEEBBB8BB44710F54415AE501B7282DBB4AA88DBA1
          APIs
          • _strpbrk.LIBCMT ref: 00F82C27
          • _free.LIBCMT ref: 00F82D44
            • Part of subcall function 00F6C8A6: IsProcessorFeaturePresent.KERNEL32(00000017,00F6C878,00000000,?,00000004,00000000,?,?,?,?,00F6C885,00000000,00000000,00000000,00000000,00000000), ref: 00F6C8A8
            • Part of subcall function 00F6C8A6: GetCurrentProcess.KERNEL32(C0000417), ref: 00F6C8CA
            • Part of subcall function 00F6C8A6: TerminateProcess.KERNEL32(00000000), ref: 00F6C8D1
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
          • String ID: *?$.
          • API String ID: 2812119850-3972193922
          • Opcode ID: b8a42de4a16cc4a74f3b77593d76e3490dbc9165ca0609ffc063dc11bd4b6620
          • Instruction ID: 9483447c012a64f244e2e859a2ad6afc9d86b6c6b89e288f4c744c07376dd735
          • Opcode Fuzzy Hash: b8a42de4a16cc4a74f3b77593d76e3490dbc9165ca0609ffc063dc11bd4b6620
          • Instruction Fuzzy Hash: A6517372E001099FDF14EFA8CC81AFDBBB5FF59320F24416AE854E7351E675AA01AB50
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F14E94
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
          • API String ID: 2005118841-1139078987
          • Opcode ID: ba7d80627e278f52b422df8df86e6058c73d99043ac71819046abff2942f0746
          • Instruction ID: a26c837a8b7510e36ed1bb06bd78045cbd26a608a5fd95fd453f7b0c3ec8524c
          • Opcode Fuzzy Hash: ba7d80627e278f52b422df8df86e6058c73d99043ac71819046abff2942f0746
          • Instruction Fuzzy Hash: 3951BF72D00258AFDB10DF95CC45FDEBBB8FB49710F0041AAF908A7381DA749A049BA1
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F11F3D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F11F6B
          Strings
          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 00F11F42
          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 00F11F14
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
          • API String ID: 2005118841-3345525433
          • Opcode ID: 81b665c4e793fa9654d0776a753073f8f72f284352a5364b8d2f895eaebb3739
          • Instruction ID: fe80ad1759eb178441997270bd934aa187b68fd9c3feb151a2193d503075ebb6
          • Opcode Fuzzy Hash: 81b665c4e793fa9654d0776a753073f8f72f284352a5364b8d2f895eaebb3739
          • Instruction Fuzzy Hash: F7417371900249ABDB10DFA5CC42BDAB7F8FF05720F04462AE811A3641EB74AA44DBA0
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F14A6D
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
          • API String ID: 2005118841-1139078987
          • Opcode ID: 645380d256355e3a9231c52a60ca2e36605361a7e8020071a654e969e1b43a43
          • Instruction ID: df782bb63ec71529285b6a577eecf4db3c7c42d296743de7d24da679934f8b2c
          • Opcode Fuzzy Hash: 645380d256355e3a9231c52a60ca2e36605361a7e8020071a654e969e1b43a43
          • Instruction Fuzzy Hash: B2319275A04258ABDB10EBA4CC45FCEBBFCEF49710F14416AF505E7282DB74AA0497A1
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F1772F
          Strings
          • FilterWithBufferedInput: invalid buffer size, xrefs: 00F17706
          • TruncatedDigestSize, xrefs: 00F17779
          • PutMessage, xrefs: 00F17756
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throw
          • String ID: FilterWithBufferedInput: invalid buffer size$PutMessage$TruncatedDigestSize
          • API String ID: 2005118841-3547780871
          • Opcode ID: 587e5daf4a2db7f3ad2a4db478a72b5f399199acec4f88a62b0b135dc870d00d
          • Instruction ID: 6c478bb331656f318dbf6887660ce34efbce877af2b3aec08ce29f098cd57f55
          • Opcode Fuzzy Hash: 587e5daf4a2db7f3ad2a4db478a72b5f399199acec4f88a62b0b135dc870d00d
          • Instruction Fuzzy Hash: 3D31AF71604249AFCB14DF59C895EDABBF8FF49760F10462AF41997680DB30E909CBA1
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Min_valueallocatorconstruct
          • String ID: ~
          • API String ID: 3465976222-2493274609
          • Opcode ID: f4327397545a749a16d1aa053947306b274f9e35d6ad00eb5f4b087a49b6a937
          • Instruction ID: 6cd86469443c7e2e7795c50e9e6f6d20287bd90ddbf217dc555d2d24d4b2b7e7
          • Opcode Fuzzy Hash: f4327397545a749a16d1aa053947306b274f9e35d6ad00eb5f4b087a49b6a937
          • Instruction Fuzzy Hash: 1931B9B5D0020D9FCB44DFA9D8929EEB7F5BF48300F109569E516B7352DB31AA00CBA5
          APIs
          • IsProcessorFeaturePresent.KERNEL32(00000017,00F7B0D8,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?,?), ref: 00F7583C
          • GetLastError.KERNEL32(00FC1570,00000010,00000003,00F7B0D8,?,?,?,string too long,?,00EE4385,?,?,?,00EF6AED,ij,?), ref: 00F75883
          • ExitThread.KERNEL32 ref: 00F7588A
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: ErrorExitFeatureLastPresentProcessorThread
          • String ID: w}
          • API String ID: 3213686812-1622563160
          • Opcode ID: 58ecc19e1be2d538ee0b3f730f620a9790c74aba111ff4eea8eb3c992635e3b9
          • Instruction ID: e170883e6955c946a6d271dc4fc37aeb931ed8591acbb5c218d7a5820d04e0ec
          • Opcode Fuzzy Hash: 58ecc19e1be2d538ee0b3f730f620a9790c74aba111ff4eea8eb3c992635e3b9
          • Instruction Fuzzy Hash: 8AF0A760A8070A77FA2237B05C1FBA936492F51F61F58441ABE4DAE0D3DFD8C541B2A3
          APIs
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F52530
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F5253E
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
          • String ID: pScheduler$version
          • API String ID: 1687795959-3154422776
          • Opcode ID: 8726f724bc2f8ed7d5aa121a57b11c19c151726bafef111729f90ff15eb2ae78
          • Instruction ID: bb3eda99b01e3a4fdb7ead90092e6566680244f4ee58586f021aae6188b79810
          • Opcode Fuzzy Hash: 8726f724bc2f8ed7d5aa121a57b11c19c151726bafef111729f90ff15eb2ae78
          • Instruction Fuzzy Hash: 91E04F60D00208B6CB55FA90DC1AFCD3BA49B12745F4482217D01110D2D7B8D7CDEA82
          APIs
          • Concurrency::details::SchedulerProxy::DestroyVirtualProcessorRoot.LIBCONCRT ref: 00F60F72
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F60F84
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F60F92
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Concurrency::details::DestroyException@8ProcessorProxy::RootSchedulerThrowVirtualstd::invalid_argument::invalid_argument
          • String ID: pScheduler
          • API String ID: 1381464787-923244539
          • Opcode ID: 301e934ae8e83b6567851e8ce0ffb1529968395dc69d2a758a0acb6b59dd8bf4
          • Instruction ID: 2f6b2ef137359b18dd1436134b0bf9fa22150aa5fcae45bf76d8c0ea09db9102
          • Opcode Fuzzy Hash: 301e934ae8e83b6567851e8ce0ffb1529968395dc69d2a758a0acb6b59dd8bf4
          • Instruction Fuzzy Hash: 06F0A731A00204ABC728FB54DC52D9F77789F45700750452DB80257592DF68EA46F786
          APIs
          • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 00F5B002
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F5B015
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F5B023
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: Concurrency::details::Exception@8FreeIdleProxyProxy::ReturnThreadThrowstd::invalid_argument::invalid_argument
          • String ID: pContext
          • API String ID: 1990795212-2046700901
          • Opcode ID: d953c4341e09b32a07b3b22861411619b17f4d29f54da76f23142a6dee5575c7
          • Instruction ID: 9dc0412a25407b86ddc6a391c033754bd235f35b27faaf8dbae7d27e707ac4be
          • Opcode Fuzzy Hash: d953c4341e09b32a07b3b22861411619b17f4d29f54da76f23142a6dee5575c7
          • Instruction Fuzzy Hash: 2FE09B35F0010867CA04F765DC15D5E7BA95FC5B107044155ED1193241DFB4EA059AD1
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: __alldvrm$_strrchr
          • String ID:
          • API String ID: 1036877536-0
          • Opcode ID: 4ca78e11cf294b3b2d14d721adefea74b05be274ade9bb73dfcb4a664288b0c4
          • Instruction ID: c11b8265fde756a82e23802b56078db66af10862c8430d1d256a4b8f8ebe55be
          • Opcode Fuzzy Hash: 4ca78e11cf294b3b2d14d721adefea74b05be274ade9bb73dfcb4a664288b0c4
          • Instruction Fuzzy Hash: 67A15C72D043869FDB11CF58C8817AEBBE5EF55320F18817FD5899B281C2388945E752
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: _free
          • String ID:
          • API String ID: 269201875-0
          • Opcode ID: 55271c1468cb6ac7e88ac1bb57005905656487907342bac1147e0bba1e92e6aa
          • Instruction ID: dad0e778565dabf9c9904f70be26d050c0f0098a1e3e256881f6e37cb09a3773
          • Opcode Fuzzy Hash: 55271c1468cb6ac7e88ac1bb57005905656487907342bac1147e0bba1e92e6aa
          • Instruction Fuzzy Hash: 9441E531E005006AFB217B798C86BFE3AB5EF45B70F148167F498D6291EB784941B3A3
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ffcffd4628487df0536086eb531177fe6a5b6c73d78b86c3f0773d5b32c9e09f
          • Instruction ID: f0801e2e6e8ca73049cc8a444125c9ad8d64382508946e39971dd987bd8c2b68
          • Opcode Fuzzy Hash: ffcffd4628487df0536086eb531177fe6a5b6c73d78b86c3f0773d5b32c9e09f
          • Instruction Fuzzy Hash: 8E414072A00704AFD724BF78CC01BEA7BE8EB49720F10862AF155DB3C1DB759904A780
          APIs
          • MultiByteToWideChar.KERNEL32(00000000,00000000,0000007F,00FA62D8,00000000,00000000,8B56FF8B,00F787AF,?,00000000,00000001,00FA62D8,0000007F,?,8B56FF8B,00000001), ref: 00F812FA
          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F81383
          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00F81395
          • __freea.LIBCMT ref: 00F8139E
            • Part of subcall function 00F7F17C: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F8172E,?,00000000,?,00F83CCB,?,00000004,00000000,?,?,?,00F7817F), ref: 00F7F1AE
          Memory Dump Source
          • Source File: 00000000.00000002.3267175834.0000000000EE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true
          Similarity
          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
          • String ID:
          • API String ID: 2652629310-0
          • Opcode ID: bf0a2d7f9f4a6cb4dc5262e466b9506bdf2da7d93106f8224da9b62726137473
          • Instruction ID: 0a4ad71cb2f7bb085bc04567f73b00b06706abbb58f7f0b5eee6a4b79895e664
          • Opcode Fuzzy Hash: bf0a2d7f9f4a6cb4dc5262e466b9506bdf2da7d93106f8224da9b62726137473
          • Instruction Fuzzy Hash: BF31B232A0020AABDF259F65CC86EEE7BA9FB00710F044229FC04D7151E735CD55EB90
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7fec547b8266444ee1ee5e9e1ea84f777429c2c3ab41cb3b2ed813755835111f
          • Instruction ID: be2cc1b7b5d63d1b7c47463717d09b27e3515f5a8d2e4d9e39266320e2c84fbe
          • Opcode Fuzzy Hash: 7fec547b8266444ee1ee5e9e1ea84f777429c2c3ab41cb3b2ed813755835111f
          • Instruction Fuzzy Hash: 3D31B8B5E0010CEFCB08DF94D9919AEB7F6BF88304B2055A9E505BB352DB31AE41DB91
          APIs
          • SetEvent.KERNEL32(?,00000000), ref: 00F6030A
          • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00F602F2
            • Part of subcall function 00F5806C: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00F5808D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F6033B
          • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00F60373
          Similarity
          • API ID: Context$Event$Base::Concurrency::details::$ThrowTrace$Exception@8
          • String ID:
          • API String ID: 2630251706-0
          • Opcode ID: 2d3dcd6fadd25722fca88f68766253a761bc7c65f793b7286f8cd119bcc1f2e7
          • Instruction ID: 789065cc803db52a39f7600a843ae72ecfa8793589747e2701066ecd0375e8bf
          • Opcode Fuzzy Hash: 2d3dcd6fadd25722fca88f68766253a761bc7c65f793b7286f8cd119bcc1f2e7
          • Instruction Fuzzy Hash: 5C112B35700204ABCF10AB65DC86E6E7B68EF48771B1000A5FE069B3D2CFB4DD05EA90
          APIs
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00EFD451
          • FindNextFileW.KERNEL32(000000FF,?), ref: 00EFD511
          • FindClose.KERNEL32(000000FF), ref: 00EFD526
          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00EFD569
            • Part of subcall function 00EFCE60: FindFirstFileW.KERNEL32(00000000,?), ref: 00EFCEEC
          Similarity
          • API ID: Find$File$Affinity::operator!=CloseConcurrency::details::Container_base12Container_base12::~_FirstHardwareNextstd::_
          • String ID:
          • API String ID: 339435691-0
          • Opcode ID: 084d305f13d0ec58eeb5f2988f4ce7903eb1d8373eb3e6264ed45af8f63a3d45
          • Instruction ID: cb6a039407f560b5049044cd7974ed72697835412d60f15deb308a4319f0b986
          • Opcode Fuzzy Hash: 084d305f13d0ec58eeb5f2988f4ce7903eb1d8373eb3e6264ed45af8f63a3d45
          • Instruction Fuzzy Hash: F1316D71C0424DDBCB15EBA4CD46AFEBBB9AF54304F5090D9A219B7192EB301B48DF91
          APIs
          Similarity
          • API ID: Xtime_diff_to_millis2_xtime_get
          • String ID:
          • API String ID: 531285432-0
          • Opcode ID: fa5f165dccfe631c77a85a3bb37341925897d766f65fad93444da150e09a7c73
          • Instruction ID: ab04de48e2842f13a28e3a857d13da89f54b4ce81b07a2a60aef8c9b1ca294a9
          • Opcode Fuzzy Hash: fa5f165dccfe631c77a85a3bb37341925897d766f65fad93444da150e09a7c73
          • Instruction Fuzzy Hash: 13214A75E0011D9FDF00EFA8DD829BEBBB8AF08714F044059FD01A7261DB74AD02ABA1
          APIs
          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00EFD451
          • FindNextFileW.KERNEL32(000000FF,?), ref: 00EFD511
          • FindClose.KERNEL32(000000FF), ref: 00EFD526
          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00EFD569
            • Part of subcall function 00EFCE60: FindFirstFileW.KERNEL32(00000000,?), ref: 00EFCEEC
          Similarity
          • API ID: Find$File$Affinity::operator!=CloseConcurrency::details::Container_base12Container_base12::~_FirstHardwareNextstd::_
          • String ID:
          • API String ID: 339435691-0
          • Opcode ID: e32d03f86cba9cb6da8424e65d93f539a07975625ca1743d8baa0d0ef78341d3
          • Instruction ID: 5453008b428b6d021e899e17a013300d66e6402c9826e0fc7832eedd0a2f6872
          • Opcode Fuzzy Hash: e32d03f86cba9cb6da8424e65d93f539a07975625ca1743d8baa0d0ef78341d3
          • Instruction Fuzzy Hash: 62317C71C0424DDBCB15EBA4CD46AFEBBB9AF54304F5090D9A219B7192EB301B48DF91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00F0B4D9
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00F0B4E2
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • numpunct.LIBCPMTD ref: 00F0B50E
            • Part of subcall function 00F05E20: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00F05E4D
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00F0B54A
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_Topology$Concurrency::details::Core::Exception@8GlobalLocinfo::~_Locinfo_ctorLockitLockit::_ObjectObject::Thrownumpunctstd::bad_exception::bad_exceptionstd::locale::c_str
          • String ID:
          • API String ID: 2130324186-0
          • Opcode ID: a1e4f3daf7f912b8a40f29c2931646050ceeeaff80aec4113614c10424925605
          • Instruction ID: 6d19e48bbf63f6406bedf0b4abd0e7b769edf2374f4de6e410bb6c81c4845b9e
          • Opcode Fuzzy Hash: a1e4f3daf7f912b8a40f29c2931646050ceeeaff80aec4113614c10424925605
          • Instruction Fuzzy Hash: CD3118B0D00209DBDB04DF98C842BEEBBB1FB48714F248269E4157B3D4D7756A04DB91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00EF3F89
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00EF3F92
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • numpunct.LIBCPMTD ref: 00EF3FBE
            • Part of subcall function 00EE8770: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00EE879D
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00EF3FFA
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_Topology$Concurrency::details::Core::Exception@8GlobalLocinfo::~_Locinfo_ctorLockitLockit::_ObjectObject::Thrownumpunctstd::bad_exception::bad_exceptionstd::locale::c_str
          • String ID:
          • API String ID: 2130324186-0
          • Opcode ID: 55916ccba2ede033d3664a567f802eff4348aecba69bc66a1470f917a13a1244
          • Instruction ID: a18a2fa633ef4733f1760bd833c701f8a47b5e24254bc02c2707247e6696a450
          • Opcode Fuzzy Hash: 55916ccba2ede033d3664a567f802eff4348aecba69bc66a1470f917a13a1244
          • Instruction Fuzzy Hash: 1931E871E0420DDBDB04DFA4C942BEEBBB1FB44714F204269E5257B390DB755A44CB91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00F0B3DF
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00F0B3E8
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • ctype.LIBCPMTD ref: 00F0B412
            • Part of subcall function 00F05DB0: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00F05DDD
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00F0B44E
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_Topology$Concurrency::details::Core::Exception@8GlobalLocinfo::~_Locinfo_ctorLockitLockit::_ObjectObject::Throwctypestd::bad_exception::bad_exceptionstd::locale::c_str
          • String ID:
          • API String ID: 1157453502-0
          • Opcode ID: e003fbb200a9e6d59ba3e5b5fc160c5de64ee07b4b3684d3a9060f3f8ddb78d3
          • Instruction ID: 03275b63a0874344d8eba3929f8905c9d281de56b2d33578a3cc75a0fcd59334
          • Opcode Fuzzy Hash: e003fbb200a9e6d59ba3e5b5fc160c5de64ee07b4b3684d3a9060f3f8ddb78d3
          • Instruction Fuzzy Hash: 1831F2B0D04209DBDB04CF98D845BAEBBB0FB48320F208269E425AB391D7756A04DB95
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00EF3ACF
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00EF3AD8
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • ctype.LIBCPMTD ref: 00EF3B02
            • Part of subcall function 00EE8410: std::bad_exception::bad_exception.LIBCMTD ref: 00EE843D
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00EF3B3E
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_std::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwctypestd::locale::c_str
          • String ID:
          • API String ID: 1422144976-0
          • Opcode ID: 81ceccfb8ef556c547d1be68d01ba1bbad5ea6dc966851e733e3ac509a8b6ea1
          • Instruction ID: d6aa681b135508c782c268a894a8dd3e2274225d651ba97c4a697df80afaaa81
          • Opcode Fuzzy Hash: 81ceccfb8ef556c547d1be68d01ba1bbad5ea6dc966851e733e3ac509a8b6ea1
          • Instruction Fuzzy Hash: D931F5B0D0420DDBDB14DF98C955BEEBBB0FB48314F208269E4297B390D7756A04CB91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00EF3BBF
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00EF3BC8
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • ctype.LIBCPMTD ref: 00EF3BF2
            • Part of subcall function 00EE8480: std::bad_exception::bad_exception.LIBCMTD ref: 00EE84AD
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00EF3C2E
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_std::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwctypestd::locale::c_str
          • String ID:
          • API String ID: 1422144976-0
          • Opcode ID: 26e0b6c6a17ab5482757356a7c651c53e6ef0014fd1add214509c1a87f338543
          • Instruction ID: 2607ecf543798a8546228f797c2374c3d60e4b6f33afd0a96ba8a578a944912f
          • Opcode Fuzzy Hash: 26e0b6c6a17ab5482757356a7c651c53e6ef0014fd1add214509c1a87f338543
          • Instruction Fuzzy Hash: 3C31F6B1D0424DDBDB04CF98D945BEEBBB0FB48314F208269E5257B390D7756A40CB91
          APIs
          • std::locale::c_str.LIBCPMTD ref: 00EF3CAF
          • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00EF3CB8
            • Part of subcall function 00EEA270: std::_Lockit::_Lockit.LIBCPMT ref: 00EEA2A3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2B5
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2C4
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2D3
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2E2
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA2F1
            • Part of subcall function 00EEA270: _Yarn.LIBCPMTD ref: 00EEA300
            • Part of subcall function 00EEA270: std::bad_exception::bad_exception.LIBCMTD ref: 00EEA317
            • Part of subcall function 00EEA270: __CxxThrowException@8.LIBVCRUNTIME ref: 00EEA325
            • Part of subcall function 00EEA270: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EEA332
          • ctype.LIBCPMTD ref: 00EF3CE2
            • Part of subcall function 00EE84F0: std::bad_exception::bad_exception.LIBCMTD ref: 00EE851D
            • Part of subcall function 00EE84F0: ctype.LIBCPMTD ref: 00EE8539
          • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00EF3D1E
          Similarity
          • API ID: Yarn$std::_$LocinfoLocinfo::_ctypestd::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwstd::locale::c_str
          • String ID:
          • API String ID: 1516229762-0
          • Opcode ID: 14dd076b6bc1ca5d8e359dbf6ebff4aac34f250100c736c43c2c0ced6b0effe7
          • Instruction ID: 487b4b7402cae20e25c71db7de0c9cbbf6f3a6a7ae840fc48651b0a90036e18f
          • Opcode Fuzzy Hash: 14dd076b6bc1ca5d8e359dbf6ebff4aac34f250100c736c43c2c0ced6b0effe7
          • Instruction Fuzzy Hash: 2531F5B0D0420DDBDB14CF98D942BEEBBB0FB48314F208269E9257B390D775AA44CB91
          APIs
          Similarity
          • API ID: fpos
          • String ID:
          • API String ID: 1083263101-0
          • Opcode ID: 2940f14d879cae719aad962084223604116b83c4b1bcb981bee6cb6489dae3e4
          • Instruction ID: c52c1e6efffcf35f2cba71abe9f4b38153c042a6a09160e9e046794c88082c87
          • Opcode Fuzzy Hash: 2940f14d879cae719aad962084223604116b83c4b1bcb981bee6cb6489dae3e4
          • Instruction Fuzzy Hash: 1E21ED75A1010D9FCB18DF99D891DBEB7B5BF48310F508659EA166B3A1EB30A900CB90
          APIs
          Similarity
          • API ID: fpos
          • String ID:
          • API String ID: 1083263101-0
          • Opcode ID: 014eca1b517fdd09a2c35a507b61ead8ad0c116645a131cf4b5e2b16a66a6c0f
          • Instruction ID: 107730c83ca52eff0f17e434e7988122277d19c8e13858539cb21a8313e86578
          • Opcode Fuzzy Hash: 014eca1b517fdd09a2c35a507b61ead8ad0c116645a131cf4b5e2b16a66a6c0f
          • Instruction Fuzzy Hash: 4B21FF75A1010DAFCB14DF99D891DFEB7B5BF48310F108659FA196B3A1EB31A900CB90
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a81ac45cd1b64f169521f26da034f0fd29de495c90cef56b7de6384695798fd2
          • Instruction ID: add2ea0ba17b53442f1b9882e996d113f3c2bc6c327a3d38f073fe710346ee49
          • Opcode Fuzzy Hash: a81ac45cd1b64f169521f26da034f0fd29de495c90cef56b7de6384695798fd2
          • Instruction Fuzzy Hash: 8901D4B26193167EE62136786CC1F3B360CDF81774B208327F039511D5EB648C006162
          APIs
          • Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 00F4FC3B
            • Part of subcall function 00F4EF9D: ___crtGetTimeFormatEx.LIBCMT ref: 00F4EFB3
            • Part of subcall function 00F4EF9D: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00F4EFD2
          • GetLastError.KERNEL32 ref: 00F4FC57
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4FC6D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4FC7B
            • Part of subcall function 00F4ED72: SetThreadPriority.KERNEL32(?,?), ref: 00F4ED7E
          Similarity
          • API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
          • String ID:
          • API String ID: 1674182817-0
          • Opcode ID: b1c95dae58cf92c515ba1a8b9cc8d88947404cc759d0a757a274e5d790d0a3e5
          • Instruction ID: cfdec35421ec2819d2761411f7d4343783d0f68a4742768b52149823f01feaf5
          • Opcode Fuzzy Hash: b1c95dae58cf92c515ba1a8b9cc8d88947404cc759d0a757a274e5d790d0a3e5
          • Instruction Fuzzy Hash: 09F0A7B1D403297AE720B7755D07FBB3E9CAB01750F50082ABD45E6082EDA9E40462B5
          APIs
          • ___BuildCatchObject.LIBVCRUNTIME ref: 00F6B493
            • Part of subcall function 00F6B3E0: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00F6B40F
            • Part of subcall function 00F6B3E0: ___AdjustPointer.LIBCMT ref: 00F6B42A
          • _UnwindNestedFrames.LIBCMT ref: 00F6B4A8
          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00F6B4B9
          • CallCatchBlock.LIBVCRUNTIME ref: 00F6B4E1
          Similarity
          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
          • String ID:
          • API String ID: 737400349-0
          • Opcode ID: d58634da3e734018c52a7c6b7b39953d9d403735a9096aa41e010e61aa0dc9b3
          • Instruction ID: dfa4db1214dfa9368c58382234be6ea0bb18bc627876441ffc711610e8f7e3ea
          • Opcode Fuzzy Hash: d58634da3e734018c52a7c6b7b39953d9d403735a9096aa41e010e61aa0dc9b3
          • Instruction Fuzzy Hash: D3014032500109BBCF119E95CC42DEF3B7DEF88754F044004FE0896122DB36E9A1EBA0
          APIs
          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00F7CA0F,00000000,00000000,00000000,00000000,?,00F7CD3B,00000006,FlsSetValue), ref: 00F7CA9A
          • GetLastError.KERNEL32(?,00F7CA0F,00000000,00000000,00000000,00000000,?,00F7CD3B,00000006,FlsSetValue,00FA6B80,FlsSetValue,00000000,00000364,?,00F7B127), ref: 00F7CAA6
          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F7CA0F,00000000,00000000,00000000,00000000,?,00F7CD3B,00000006,FlsSetValue,00FA6B80,FlsSetValue,00000000), ref: 00F7CAB4
          Similarity
          • API ID: LibraryLoad$ErrorLast
          • String ID:
          • API String ID: 3177248105-0
          • Opcode ID: 5ef1cd16805d1a57a9f5291c6f4512bf90cd1dfe3bc1aac33373975fc6316abc
          • Instruction ID: 53dc1c87694e6a8eb6a11dc928d859cf16194f67c92e929df4303fedd5bd32bf
          • Opcode Fuzzy Hash: 5ef1cd16805d1a57a9f5291c6f4512bf90cd1dfe3bc1aac33373975fc6316abc
          • Instruction Fuzzy Hash: C001D433A0162EABD722DB689C54B573B98EB05BB2728412BF90AD3140D624D801E7E1
          APIs
          • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00F62E4F
          • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 00F62E63
          • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00F62E7B
          • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00F62E93
          Similarity
          • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
          • String ID:
          • API String ID: 78362717-0
          • Opcode ID: 0bcfc0b340291fcbe34dfbc81162e43a5ece5e105f1087a9ff9ae7cba2b57d5e
          • Instruction ID: 6a8afa904afa2ff8bfa60739b3e6f675789872d2aeb4661808027f5c68741f83
          • Opcode Fuzzy Hash: 0bcfc0b340291fcbe34dfbc81162e43a5ece5e105f1087a9ff9ae7cba2b57d5e
          • Instruction Fuzzy Hash: BC01F932700915A7CF56EEA5CC51AEF7799AFA4760F000066FD15AB281DA36ED10B6E0
          APIs
          • __EH_prolog3.LIBCMT ref: 00F4E1E6
          • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00F4E1F9
            • Part of subcall function 00F4D06B: Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 00F4D07E
            • Part of subcall function 00F4D06B: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00F4D088
          • Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 00F4E212
          • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00F4E258
          Similarity
          • API ID: Concurrency::details::Concurrency::details::_LockLock::_Node::QueueScoped_lock$Acquire_lockConcurrency::critical_section::_EventH_prolog3NodeReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter
          • String ID:
          • API String ID: 1424302493-0
          • Opcode ID: edb54e4ee5ca978a6761ddd9cd4857f826ec54097b116038c11b28f05b9afd31
          • Instruction ID: 579e2d5cc690f6b441b4a9ad4d14d617ff846609c2f32790ab7d7240f7c36c2e
          • Opcode Fuzzy Hash: edb54e4ee5ca978a6761ddd9cd4857f826ec54097b116038c11b28f05b9afd31
          • Instruction Fuzzy Hash: E901B575D011218BDF15ABA4C9447BDBB76BFC8710F190054DC116B346DBB8AE05EB91
          APIs
          • EnterCriticalSection.KERNEL32(00FCB794,?,?,00F3359F,00FCAEB8,00F948A0,00000001), ref: 00F4BBCA
          • LeaveCriticalSection.KERNEL32(00FCB794,?,00F3359F,00FCAEB8,00F948A0,00000001), ref: 00F4BBFD
          • SetEvent.KERNEL32(00000000,00FCAEB8,00F948A0,00000001), ref: 00F4BC8B
          • ResetEvent.KERNEL32 ref: 00F4BC97
          Similarity
          • API ID: CriticalEventSection$EnterLeaveReset
          • String ID:
          • API String ID: 3553466030-0
          • Opcode ID: 70bbf25277538a6df5c7e3a67edd1d915793d7c9b0629f328572aab37a8d2b57
          • Instruction ID: 46b49c33b133eaaeccf3f548f9594ab4a43868b99a2c986639ea38ffae9c661c
          • Opcode Fuzzy Hash: 70bbf25277538a6df5c7e3a67edd1d915793d7c9b0629f328572aab37a8d2b57
          • Instruction Fuzzy Hash: B6012C35A04529DFCB059F14EE5BD997BA8FF89B41B05805AED0297320CB309900AF94
          APIs
          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 00F5884B
          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 00F5885B
          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 00F5886B
          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 00F5887F
          Similarity
          • API ID: Compare_exchange_acquire_4std::_
          • String ID:
          • API String ID: 3973403980-0
          • Opcode ID: 0afb5701640ffc842da03f69a85d025ba205578d75e5f186f253663f98ddd670
          • Instruction ID: 671560650af4e73cf650c408f4623d9b72213a61c6530edf1dc3d7d6897da641
          • Opcode Fuzzy Hash: 0afb5701640ffc842da03f69a85d025ba205578d75e5f186f253663f98ddd670
          • Instruction Fuzzy Hash: 1501BB77400109BBCF119E54DC0299D3B66EF553A3B588515FE18A4531DB32C67AFB41
          APIs
          • RegisterWaitForSingleObject.KERNEL32(?,00000000,00F60140,000000A4,000000FF,0000000C), ref: 00F4ECF5
          • GetLastError.KERNEL32(?,?,?,?,00F54E00,?,?,?,?,00000000,?,00000000), ref: 00F4ED04
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4ED1A
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4ED28
          Similarity
          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
          • String ID:
          • API String ID: 3803302727-0
          • Opcode ID: 22ecc54a98718448af2a9880e652dcb94aca9405fed7c76864410bc4212b0cf8
          • Instruction ID: 53d3c3d7bd696e6c7517fe0af10b5ae1aef2a3aa6e256d7a9d984b0e0cb06bd4
          • Opcode Fuzzy Hash: 22ecc54a98718448af2a9880e652dcb94aca9405fed7c76864410bc4212b0cf8
          • Instruction Fuzzy Hash: 7EF0307190020EFBCF01EFA4DD0AFAF7B787B04710F604615B911E60A1DA35DA14A761
          APIs
          • ___crtCreateEventExW.LIBCPMT ref: 00F4EA19
          • GetLastError.KERNEL32(?,?,?,?,?,00F4D153), ref: 00F4EA27
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4EA3D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4EA4B
          Similarity
          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
          • String ID:
          • API String ID: 200240550-0
          • Opcode ID: a61da376bb2ca847e3ea73d2f88eb70ce51f9ed363cda5812fe577044f85aba8
          • Instruction ID: e651d4aa19cec0e0f86a557ff2727d151cbcccb0f900450cd56e3a8e641fa59b
          • Opcode Fuzzy Hash: a61da376bb2ca847e3ea73d2f88eb70ce51f9ed363cda5812fe577044f85aba8
          • Instruction Fuzzy Hash: 0AE086A1E4031AAAE710B7B59D07F7B3EAC7B00B40F840865BD15E51D3FE6CEA0462A5
          APIs
            • Part of subcall function 00F4EDDF: TlsAlloc.KERNEL32(?,00F4D153), ref: 00F4EDE5
          • TlsAlloc.KERNEL32(?,00F4D153), ref: 00F605A2
          • GetLastError.KERNEL32 ref: 00F605B4
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F605CA
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F605D8
          Similarity
          • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
          • String ID:
          • API String ID: 3735082963-0
          • Opcode ID: 02838ae9af5487ee04d08a49934713654a6461f73716c316c1aa85cb8c7bf09b
          • Instruction ID: 8736ac0d55218ea310d706c7dca0e1aeea9b2f06c6f7c4c446ce3f3da205e77a
          • Opcode Fuzzy Hash: 02838ae9af5487ee04d08a49934713654a6461f73716c316c1aa85cb8c7bf09b
          • Instruction Fuzzy Hash: 7AE01B7480031D97C704BB745D17F7B3A787604754B640E15B416D21B2EF38D915BB65
          APIs
          • GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00F4D153), ref: 00F4EC24
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00F4D153), ref: 00F4EC33
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4EC49
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4EC57
          Similarity
          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
          • String ID:
          • API String ID: 3016159387-0
          • Opcode ID: cd63d33e6b81e1703c8acb560f372417c8a4ce979b3144788d20808399c26bac
          • Instruction ID: 7d7f9a8e78ac8500d4aa0cd20e4cacdd5430eef1c15a31c4f5862ff790c99cdc
          • Opcode Fuzzy Hash: cd63d33e6b81e1703c8acb560f372417c8a4ce979b3144788d20808399c26bac
          • Instruction Fuzzy Hash: ABE04F70E0020EE7CB00FBB49E4AFAF76BC6B00B04B500465A501E2051EE68EA08A7A5
          APIs
          • SetThreadPriority.KERNEL32(?,?), ref: 00F4ED7E
          • GetLastError.KERNEL32 ref: 00F4ED8A
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4EDA0
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4EDAE
          Similarity
          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
          • String ID:
          • API String ID: 4286982218-0
          • Opcode ID: 7ab89ad02badde7a4f5d5e5b90c7553966cd2914a7716983ee2d5bb1f054f1bd
          • Instruction ID: f9c94594f98afd6fe81e28b9fa23e84bcb6648a7122bb1e472c43f8d2a5e8024
          • Opcode Fuzzy Hash: 7ab89ad02badde7a4f5d5e5b90c7553966cd2914a7716983ee2d5bb1f054f1bd
          • Instruction Fuzzy Hash: 0BE04F7090011AB7CB01BB71DC06FBA3A787B00740B404815B951D10A2DA39D514A794
          APIs
          • TlsSetValue.KERNEL32(?,00000000,00F54177,00000000,?,?,00F4D153,?,?,?,00000000,?,00000000), ref: 00F4EE44
          • GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 00F4EE50
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4EE66
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4EE74
          Similarity
          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
          • String ID:
          • API String ID: 1964976909-0
          • Opcode ID: 4133e7ca205f4f65e4c60915271b330ac850c8ce1b236f52a69e6bb6c33f0f07
          • Instruction ID: 8aa00c7b6cba9e9288943896f168709d70684aa8ef4bd005438d2c73b9655688
          • Opcode Fuzzy Hash: 4133e7ca205f4f65e4c60915271b330ac850c8ce1b236f52a69e6bb6c33f0f07
          • Instruction Fuzzy Hash: 08E0863090021AE7CB01BFB0DC06FBA3B6C7F00B40F404815B815D10A2DE39D514B7A4
          APIs
          • TlsAlloc.KERNEL32(?,00F4D153), ref: 00F4EDE5
          • GetLastError.KERNEL32 ref: 00F4EDF2
          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00F4EE08
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F4EE16
          Similarity
          • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
          • String ID:
          • API String ID: 3103352999-0
          • Opcode ID: 8f24bdcd7e976e46bb979e0c15f1fb0b2663a59d3870cc79756124a8261fa6de
          • Instruction ID: 3d746eed90b89c22426d0fae02badce77bf548fdb7d5d80db111a676ccfdde57
          • Opcode Fuzzy Hash: 8f24bdcd7e976e46bb979e0c15f1fb0b2663a59d3870cc79756124a8261fa6de
          • Instruction Fuzzy Hash: 37E01270D0022A978700FBB49D0AFBA3A687A00724F900E15F426D10E2EE68D419A7E5
          APIs
          • __startOneArgErrorHandling.LIBCMT ref: 00F75FAD
          Strings
          Similarity
          • API ID: ErrorHandling__start
          • String ID: pow
          • API String ID: 3213639722-2276729525
          • Opcode ID: fc575933a48d9a4b826dd1b5c96b0579643bf36ada9385edfb10adf9d795787b
          • Instruction ID: a5b184ee73203a706d82a03d3c5ce7d7be646acf38333fe2ebf4a91d534edc58
          • Opcode Fuzzy Hash: fc575933a48d9a4b826dd1b5c96b0579643bf36ada9385edfb10adf9d795787b
          • Instruction Fuzzy Hash: 4D516E71D08A0597CB117B14CD013ED3794DB40B60F20CD5BE49A862EAEB359C95BB47
          Strings
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: ef79a77f82df5b81391f8737d968a26479d127df1af2bb54805a18de91f68206
          • Instruction ID: f71763b6c55f6665911c07d68d23c453a9e15a0aa2c773f12b5ce73252cf432b
          • Opcode Fuzzy Hash: ef79a77f82df5b81391f8737d968a26479d127df1af2bb54805a18de91f68206
          • Instruction Fuzzy Hash: EA51BF71D042598BDF14CFA8C8917EEBBB5FF88314F108219E855B7281D7B8AA85DB90
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F1672D
          Strings
          • StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher, xrefs: 00F16707
          • BlockPaddingScheme, xrefs: 00F166BD
          Similarity
          • API ID: Exception@8Throw
          • String ID: BlockPaddingScheme$StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher
          • API String ID: 2005118841-3582606076
          • Opcode ID: a92c3a7412745e5e2c2f09406e09c17a506662c004e10927dd94956d3d755294
          • Instruction ID: 87cf4b761b79ca9a5abbbac18c343ae2c6c984559827b0a77a7b55d0db9ec349
          • Opcode Fuzzy Hash: a92c3a7412745e5e2c2f09406e09c17a506662c004e10927dd94956d3d755294
          • Instruction Fuzzy Hash: FD41ADB0A00749EFDB04DFA8C845B9DBBF4FF49714F10415AE811AB392DBB5AA04DB91
          APIs
          • ___except_validate_context_record.LIBVCRUNTIME ref: 00F65903
          • __IsNonwritableInCurrentImage.LIBCMT ref: 00F659BC
          Strings
          Similarity
          • API ID: CurrentImageNonwritable___except_validate_context_record
          • String ID: csm
          • API String ID: 3480331319-1018135373
          • Opcode ID: 087f2dabeea2a9bb7e75bdd02ed2699e3c11bbe5c0527f471e5131567a244694
          • Instruction ID: 9732ca08725aa039a94e740077f9720cb908f18ec854da2fb633d0b993f51bf4
          • Opcode Fuzzy Hash: 087f2dabeea2a9bb7e75bdd02ed2699e3c11bbe5c0527f471e5131567a244694
          • Instruction Fuzzy Hash: D141D030E00609EBCF00DF68CC85AAEBBB4AF45B38F148155E854AB392D735DA05EB90
          APIs
          Strings
          Similarity
          • API ID: char_traitscodecvt
          • String ID:
          • API String ID: 1910604377-3916222277
          • Opcode ID: 6b50e6bac75003f867868def2231c8cb945ec3f5c48e75274ac3c577a1f4ffd2
          • Instruction ID: 2cb3ea0c4f0df070bd7d7a042764a17ab977edbba737b8c1f8b25b3f03c56bd0
          • Opcode Fuzzy Hash: 6b50e6bac75003f867868def2231c8cb945ec3f5c48e75274ac3c577a1f4ffd2
          • Instruction Fuzzy Hash: 5C413370D0121CAFCB08CFA4D895AEDBBB5BF48304F14A05DEA06BB295DB31A946DB50
          APIs
          Strings
          Similarity
          • API ID: char_traitscodecvt
          • String ID:
          • API String ID: 1910604377-3916222277
          • Opcode ID: bad16d2c2507ceb75cb5f6871203de844d7d3e41b1b1dc4d0878b41878cd026b
          • Instruction ID: ee2d8dc5ea9e8b020d69e718f4ed9409aa539bdb614390bc5b01393517b4a325
          • Opcode Fuzzy Hash: bad16d2c2507ceb75cb5f6871203de844d7d3e41b1b1dc4d0878b41878cd026b
          • Instruction Fuzzy Hash: 00412475D1420DEBCF19DFA4D894AEEB7B5BF48304F24615EE602BB241DB30A905DB90
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F1892B
          Strings
          • StringStore: missing InputBuffer argument, xrefs: 00F18905
          • InputBuffer, xrefs: 00F18891
          Similarity
          • API ID: Exception@8Throw
          • String ID: InputBuffer$StringStore: missing InputBuffer argument
          • API String ID: 2005118841-2380213735
          • Opcode ID: 2619582d266febf0652f34f492f0b27fbea5fd341b43fd23e8a920c0a3f294b6
          • Instruction ID: cd3786159205b2864525d2bae0499705094d4c011d6181fe9867bbe095b870ed
          • Opcode Fuzzy Hash: 2619582d266febf0652f34f492f0b27fbea5fd341b43fd23e8a920c0a3f294b6
          • Instruction Fuzzy Hash: B0317C71A00348DFDB10DF98C895BDEBBF4EF49710F108169E415AB381DB75AA08DB91
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F174CC
          Strings
          • StreamTransformationFilter: W3C_PADDING cannot be used with , xrefs: 00F173B0
          • BlockPaddingScheme, xrefs: 00F17346
          Similarity
          • API ID: Exception@8Throw
          • String ID: BlockPaddingScheme$StreamTransformationFilter: W3C_PADDING cannot be used with
          • API String ID: 2005118841-4002109100
          • Opcode ID: 647e7ed8ed13460a6d764e054c3f84630a5b531f171537f49f473f237577c543
          • Instruction ID: 4b3284f4b5bfa5d4de17533da639dafbb21d30b0fef6498d114929d2e08081b1
          • Opcode Fuzzy Hash: 647e7ed8ed13460a6d764e054c3f84630a5b531f171537f49f473f237577c543
          • Instruction Fuzzy Hash: 65218B71D04219EBDB10EF54CD81FDABBB8FB09710F0045A5E819A7650D730AE88EBA1
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F19274
          Strings
          Similarity
          • API ID: Exception@8Throw
          • String ID: Resynchronize$key is set
          • API String ID: 2005118841-370131452
          • Opcode ID: 69d5963a94b304a0e55ff8fcabca0f20ca16ff7d439de257ad470c80fad4330c
          • Instruction ID: 2e9adb2d8544b12e6534d50145f531b225b5399a5ea0fe0ac1e87262a52c0b52
          • Opcode Fuzzy Hash: 69d5963a94b304a0e55ff8fcabca0f20ca16ff7d439de257ad470c80fad4330c
          • Instruction Fuzzy Hash: 76317AB160060ABFDB00DF51C989BAAFBB8FF48714F004519E81557A80CBB9E528DF90
          APIs
          • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,00F859EC,?,00000050,?,?,?,?,?), ref: 00F8586C
          Strings
          Similarity
          • API ID:
          • String ID: ACP$OCP
          • API String ID: 0-711371036
          • Opcode ID: d932a31beddd07e59858c09836a26540660a436bc22808305d963a449d4982e1
          • Instruction ID: dc8269d0a1852d4da7e94d694a0ce12a61d98cbce71b1a93b9c7728021fa2745
          • Opcode Fuzzy Hash: d932a31beddd07e59858c09836a26540660a436bc22808305d963a449d4982e1
          • Instruction Fuzzy Hash: 2F21A162E40904A7DB24AA64C901BDB739AAF50F71F968526E90AD7204E732DD00E390
          APIs
          • _DebugHeapAllocator.LIBCPMTD ref: 00F0682C
          • _DebugHeapAllocator.LIBCPMTD ref: 00F06848
          Strings
          Similarity
          • API ID: AllocatorDebugHeap
          • String ID: RSA
          • API String ID: 571936431-3431517
          • Opcode ID: b57af730f5bf208ad4947cb8dfaa140d79fb32a10e96d263ab3cc78c9c6bb1f9
          • Instruction ID: 8165d9a4e601231ba982ff06879f97f8bf14cd04c66383aab122975e8c1e119e
          • Opcode Fuzzy Hash: b57af730f5bf208ad4947cb8dfaa140d79fb32a10e96d263ab3cc78c9c6bb1f9
          • Instruction Fuzzy Hash: B63119B0A04249DFDF04CF88C991BAEBBB5FF48308F148158E815AB392C775AE41DB94
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F16C27
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          Strings
          Similarity
          • API ID: ExceptionException@8RaiseThrow
          • String ID: AAD$AuthenticatedEncryptionFilter
          • API String ID: 3976011213-396231977
          • Opcode ID: 8c93e3ad37d542cd417b7e33fd1a54c9928f0eeed56d0e721eda26fc6e906246
          • Instruction ID: 1a68358f3501292c6a7703032c6457746d71f0cb15031ca6e3ef65a6705fd589
          • Opcode Fuzzy Hash: 8c93e3ad37d542cd417b7e33fd1a54c9928f0eeed56d0e721eda26fc6e906246
          • Instruction Fuzzy Hash: A921A131A04208EFCB14DF94C885FEAB7B8FF44720F104569E816EB281DF74A944DB91
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F17656
          Strings
          • OutputBuffer, xrefs: 00F175E7
          • ArraySink: missing OutputBuffer argument, xrefs: 00F1762D
          Similarity
          • API ID: Exception@8Throw
          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
          • API String ID: 2005118841-3781944848
          • Opcode ID: 01b932ade22ce154aeab6731c7285e94d1a2e88f3356415fd19c27b4516d7d6b
          • Instruction ID: 3994a14059e7f9d466b1184c62d3cc49bd32ec3665560e42b263cb070fcd35a4
          • Opcode Fuzzy Hash: 01b932ade22ce154aeab6731c7285e94d1a2e88f3356415fd19c27b4516d7d6b
          • Instruction Fuzzy Hash: D9216F71904249AFCB10EF98C841FDEBBF4FB48710F00452AF415AB290DB74A948DB51
          APIs
          • std::bad_exception::bad_exception.LIBCMTD ref: 00EF1D32
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EF1D40
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          Strings
          • CryptoMaterial: this object contains invalid values, xrefs: 00EF1D17
          Similarity
          • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
          • String ID: CryptoMaterial: this object contains invalid values
          • API String ID: 1843230569-887990677
          • Opcode ID: dde8c86d253c327d67e2fa3da60ece4f8ecccc5f6a2189aa546820b81eb5008c
          • Instruction ID: e9dd7807c2b132fa8ffbb8648aa1c1b0fe4a7fea2030307953ca4ca685151ca5
          • Opcode Fuzzy Hash: dde8c86d253c327d67e2fa3da60ece4f8ecccc5f6a2189aa546820b81eb5008c
          • Instruction Fuzzy Hash: 0E116A7190024DEFCB04DF95C981EEEB7B4FF48710F108269E916A7290EB30AA04CB91
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EF067C
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          Strings
          • StringSink: OutputStringPointer not specified, xrefs: 00EF0653
          • OutputStringPointer, xrefs: 00EF063F
          Similarity
          • API ID: ExceptionException@8RaiseThrow
          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
          • API String ID: 3976011213-1331214609
          • Opcode ID: 441d4bf9e70d63ca1deb7a4a06571a724e0d53116960918e56eeeade26a0dcac
          • Instruction ID: 580158a3f322c784deca0f6ebcd347111befc78fb5547b2c1d164b25fabe9090
          • Opcode Fuzzy Hash: 441d4bf9e70d63ca1deb7a4a06571a724e0d53116960918e56eeeade26a0dcac
          • Instruction Fuzzy Hash: 8D015EB194424CABDB04EF95CC42BEEB7B8EB05720F40562DF411B72C1DB75AA04DB55
          APIs
          Strings
          Similarity
          • API ID: Max_valueMin_value
          • String ID: {B
          • API String ID: 3846992165-219045038
          • Opcode ID: b0fdf1d6e2fdef04c1c42680ebfd2c7a52a79a7c4ee7d5784edec907ee55c28f
          • Instruction ID: 6882fc76ba604d17c28969b6c4aacec4adff1194ed93265e603e5d1f2df0c163
          • Opcode Fuzzy Hash: b0fdf1d6e2fdef04c1c42680ebfd2c7a52a79a7c4ee7d5784edec907ee55c28f
          • Instruction Fuzzy Hash: 5A01ECB5D0020D9FCB04EFE5E9829EEBBF4AF18300F504569E606B7251EA34A7149B91
          APIs
          Strings
          Similarity
          • API ID: Max_valueMin_value
          • String ID: {C
          • API String ID: 3846992165-3048356811
          • Opcode ID: 88884c5c52f6973c645adce0e2eba848cc19d1ae90202ef0418c05aded0ad30d
          • Instruction ID: 9fbef7386e1a337e4977b601af132b97453c2ae519a771a3e12427898c8d0210
          • Opcode Fuzzy Hash: 88884c5c52f6973c645adce0e2eba848cc19d1ae90202ef0418c05aded0ad30d
          • Instruction Fuzzy Hash: 5E01E1B5D0020D9FCB04EFE5D9429EEBBF4AF18300F504569E605B7251EA3567049B91
          APIs
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F5A3E8
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F5A3F6
          Strings
          Similarity
          • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
          • String ID: pContext
          • API String ID: 1687795959-2046700901
          • Opcode ID: 84fbc5e05583fa488aff50826da48164b6c62e7da195cc15d5cd5da8c1e6cd11
          • Instruction ID: 7e53715c231656939178fc610519f3bf8dceb0d0c1709c778a42e3a081ca0327
          • Opcode Fuzzy Hash: 84fbc5e05583fa488aff50826da48164b6c62e7da195cc15d5cd5da8c1e6cd11
          • Instruction Fuzzy Hash: 89F0E939B00119ABCB04ABA9DC44C5EBBA89F85BA030000A6FD02D7351DB74ED059BD1
          APIs
          • __EH_prolog3_catch.LIBCMT ref: 00F8B667
            • Part of subcall function 00F8B335: __EH_prolog3.LIBCMT ref: 00F8B33C
          Strings
          Similarity
          • API ID: H_prolog3H_prolog3_catch
          • String ID: MOC$RCC
          • API String ID: 1882928916-2084237596
          • Opcode ID: 1f40a30a0865d44bec3114cd571018c6fea47ae9f599332f321fe034befc4ba1
          • Instruction ID: 48a50df424f66e5bcf40cd207fdf177b3d6d856b0e7214539ef5c66050e32d25
          • Opcode Fuzzy Hash: 1f40a30a0865d44bec3114cd571018c6fea47ae9f599332f321fe034befc4ba1
          • Instruction Fuzzy Hash: 0FF04931904214DFDB12BB64C80299C3B61AF06F80F5950A1F854AB321EBBDAF41AFA1
          APIs
          Strings
          Similarity
          • API ID: NameName::
          • String ID: {flat}
          • API String ID: 1333004437-2606204563
          • Opcode ID: 659196f95a8db6a9b50084a4a63fc1fade755f2ac50be5e5dfcb06e40b1aa99d
          • Instruction ID: a9bd64737e100a69518b5f29f6f2603e50b0da71bedde8dd0cb4d2aa3439efb2
          • Opcode Fuzzy Hash: 659196f95a8db6a9b50084a4a63fc1fade755f2ac50be5e5dfcb06e40b1aa99d
          • Instruction Fuzzy Hash: EBF0657560024C9FD701DF58E5A6FE53BE19B81765F048045E90D4F292CBB8D880EB91
          APIs
          • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00F6585D
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F65884
            • Part of subcall function 00F63148: RaiseException.KERNEL32(?,?,?,00F4C9DF,?,00000000,?,?,?,?,?,?,00F4C9DF,?,00FBFECC), ref: 00F631A8
          Strings
          • Access violation - no RTTI data!, xrefs: 00F65854
          Similarity
          • API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
          • String ID: Access violation - no RTTI data!
          • API String ID: 2053020834-2158758863
          • Opcode ID: afcb0f6ea5474399a224bf4ae1f905937058d6306ed7a67db9c7071555d4d508
          • Instruction ID: 73cd205203447647ae5893b35b79613f33a0516923318fedb8a3e5f6620f569d
          • Opcode Fuzzy Hash: afcb0f6ea5474399a224bf4ae1f905937058d6306ed7a67db9c7071555d4d508
          • Instruction Fuzzy Hash: 74C01272C0420CAADB04E6E08D47DDD73AC9A09B10F600446F61073442EE6AFB146761
          APIs
          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00F5DDDF
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00F5DDED
          Strings
          Similarity
          • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
          • String ID: pThreadProxy
          • API String ID: 1687795959-3651400591
          • Opcode ID: 12e8783c56e1d4b57920eba26445d81cd249da8b5dc86696149d70af46643ac8
          • Instruction ID: 40f736d13d796bab2d62eb790b5ec01001bc8b957f9c7b2c27d17d578ebb52dd
          • Opcode Fuzzy Hash: 12e8783c56e1d4b57920eba26445d81cd249da8b5dc86696149d70af46643ac8
          • Instruction Fuzzy Hash: 93D05E71E0020C6ACB00FBA5DC07E8E77B85B04744F0041756E12A6082EEB4E609DA91
          APIs
          Strings
          Similarity
          • API ID: CommandLine
          • String ID: 0&y
          • API String ID: 3253501508-825062974
          • Opcode ID: 860d7b809ff9aeee79f3bc40f55b417569a2c12b535190095abca85f64785e3e
          • Instruction ID: 946f00be4aa03b8c856d36779ef84dfb0cdccd4e180afef3dc6a1001703138c6
          • Opcode Fuzzy Hash: 860d7b809ff9aeee79f3bc40f55b417569a2c12b535190095abca85f64785e3e
          • Instruction Fuzzy Hash: 51B0927C80160D8FC7418FB0BD1F6083BA0B309A02780605FD805C3328D7360084FF00
          APIs
          • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,00F8C280,00F8C280,00000000,00000000,00000000,?), ref: 00F7446C
          • GetLastError.KERNEL32(?,00F8C280), ref: 00F7447A
          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00F8C280), ref: 00F744D5
          Similarity
          • API ID: ByteCharMultiWide$ErrorLast
          • String ID:
          • API String ID: 1717984340-0
          • Opcode ID: 859cb78c668bb7ab467a72327e7f7719a0b470040b625fc7c27a742fe209e403
          • Instruction ID: 3e59536d797af55eece5c246b933aaf2a8ae25af5da1a53283e7d0506eccb57d
          • Opcode Fuzzy Hash: 859cb78c668bb7ab467a72327e7f7719a0b470040b625fc7c27a742fe209e403
          • Instruction Fuzzy Hash: 8741D531A00216AFDF31CF65D8447BA7BA5AF01724F19826EF89D9B1A1D730AD01F752