Windows Analysis Report
8NU1qpOatQ.exe

Overview

General Information

Sample name: 8NU1qpOatQ.exe (renamed because original name is a hash value)
Original sample name: 20c840940536dc89016f7d4c78cce2c839ee2106.exe
Analysis ID: 1546796
MD5: a0c776661815d65a51c4d4c7da408f4d
SHA1: 20c840940536dc89016f7d4c78cce2c839ee2106
SHA256: a82da08a181eafbcc779f5af962eebe04e3b973c40f90a37f42ea8d3de7fc70f
Tags: exe, ReversingLabs, user-NDA0E

Detection

MofongoLoader
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected MofongoLoader
AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 8NU1qpOatQ.exe (PID: 3676 cmdline: "C:\Users\user\Desktop\8NU1qpOatQ.exe" MD5: A0C776661815D65A51C4D4C7DA408F4D)
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.1575210337.000001E3FD881000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security |
00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp | JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security |
00000000.00000003.1575514282.000001E3FD38E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security |
00000000.00000000.1573061891.00007FF753400000.00000080.00000001.01000000.00000003.sdmp | JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security |
00000000.00000003.1575394016.000001E3FBAFD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security |
            No Sigma rule has matched
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-11-01T15:56:39.831562+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49709 | TCP
            2024-11-01T15:57:18.349585+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49714 | TCP

            AV Detection

            Source: 8NU1qpOatQ.exeReversingLabs: Detection: 52%
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.7% probability
            Source: 8NU1qpOatQ.exeStatic PE information: certificate valid
            Source: 8NU1qpOatQ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF75343B184 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF75343B184
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49714
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49709
            Source: unknownDNS traffic detected: query: cloudnetworkverify.com replaycode: Server failure (2)
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: cloudnetworkverify.com
            Source: 8NU1qpOatQ.exe, 00000000.00000000.1573061891.00007FF7534B2000.00000080.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameP0 vs 8NU1qpOatQ.exe
            Source: 8NU1qpOatQ.exe, 00000000.00000003.1575210337.000001E3FD932000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameP0 vs 8NU1qpOatQ.exe
            Source: 8NU1qpOatQ.exeBinary or memory string: OriginalFilenameP0 vs 8NU1qpOatQ.exe
            Source: classification engineClassification label: mal60.troj.winEXE@1/0@1/0
            Source: 8NU1qpOatQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exe File read: C:\Users\user\Desktop\8NU1qpOatQ.exe
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exe Section loaded: wininet.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: 8NU1qpOatQ.exeStatic PE information: Image base 0x140000000 > 0x60000000
            Source: 8NU1qpOatQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: 8NU1qpOatQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: 8NU1qpOatQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: 8NU1qpOatQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: 8NU1qpOatQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

            Data Obfuscation

            Source: Yara matchFile source: 00000000.00000003.1575210337.000001E3FD881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.1575514282.000001E3FD38E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.1573061891.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.1575394016.000001E3FBAFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753411300 _Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,CheckTokenMembership,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,0_2_00007FF753411300
            Source: 8NU1qpOatQ.exeStatic PE information: real checksum: 0xbf982 should be: 0xbb089
            Source: 8NU1qpOatQ.exeStatic PE information: section name: _RDATA
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753400990 _Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::WorkQueue::IsStructuredEmpty,InternetOpenW,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::WorkQueue::IsStructuredEmpty,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,InternetConnectW,InternetCloseHandle,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::WorkQueue::IsStructuredEmpty,HttpSendRequestA,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,InternetCloseHandle,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,HttpQueryInfoW,GetLastError,HttpQueryInfoW,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,MultiByteToWideChar,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,MultiByteToWideChar,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,0_2_00007FF753400990
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-23942
            Source: 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD3A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753429358 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF753429358
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF75343F768 GetProcessHeap,0_2_00007FF75343F768
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF7534231C4 SetUnhandledExceptionFilter,0_2_00007FF7534231C4
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753447908 RtlLookupFunctionEntry,SetUnhandledExceptionFilter,0_2_00007FF753447908
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753447920 SetUnhandledExceptionFilter,0_2_00007FF753447920
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753423010 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF753423010
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF753444478 cpuid 0_2_00007FF753444478
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF75343F448
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF75343F258
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: GetLocaleInfoW,0_2_00007FF75343F30C
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: EnumSystemLocalesW,0_2_00007FF753447A68
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: GetLocaleInfoW,0_2_00007FF753447A50
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: EnumSystemLocalesW,0_2_00007FF753435940
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF75343E9D4
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: GetLocaleInfoW,0_2_00007FF75343F0F0
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF75343EEA0
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: EnumSystemLocalesW,0_2_00007FF75343ED30
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: GetLocaleInfoW,0_2_00007FF753435E10
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: EnumSystemLocalesW,0_2_00007FF75343EE04
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exeCode function: 0_2_00007FF7534478F0 LCMapStringEx,GetSystemTimeAsFileTime,0_2_00007FF7534478F0
            Source: C:\Users\user\Desktop\8NU1qpOatQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
            Execution: 2 Native API; Scheduled Task/Job; At; Cron
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            Defense Evasion: 1 DLL Side-Loading; 1 Obfuscated Files or Information; Obfuscated Files or Information; Binary Padding
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
            Discovery: 1 System Time Discovery; 21 Security Software Discovery; 1 File and Directory Discovery; 23 System Information Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
            Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
            Command and Control: 1 Encrypted Channel; 1 Non-Application Layer Protocol; 1 Application Layer Protocol; Protocol Impersonation
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
            Source | Detection | Scanner | Label | Link
            8NU1qpOatQ.exe | 53% | ReversingLabs | Win64.Trojan.Convagent |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            cloudnetworkverify.com | unknown | unknown | false | | unknown

            Name | Source | Malicious | Antivirus Detection | Reputation
            https://cloudnetworkverify.com/ | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD397000.00000004.00000020.00020000.00000000.sdmp, 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD380000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/RouteHelper.dll | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD397000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/MI | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD397000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/lH | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD380000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/windows/verify | 8NU1qpOatQ.exe, 8NU1qpOatQ.exe, 00000000.00000002.1581225051.00007FF75345A000.00000040.00000001.01000000.00000003.sdmp, 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD3C5000.00000004.00000020.00020000.00000000.sdmp, 8NU1qpOatQ.exe, 00000000.00000002.1580843749.000001E3FBAEE000.00000004.00000020.00020000.00000000.sdmp, 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD3A1000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/windows/verifyc94s | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD3A1000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/ll | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD380000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/windows/verify_ | 8NU1qpOatQ.exe, 00000000.00000002.1580843749.000001E3FBAEE000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/windows/verifyed | 8NU1qpOatQ.exe, 00000000.00000002.1580843749.000001E3FBAAA000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/windows/verifyn | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD3A1000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cloudnetworkverify.com/CS4/Dc | 8NU1qpOatQ.exe, 00000000.00000002.1580998541.000001E3FD380000.00000004.00000020.00020000.00000000.sdmp | false | | unknown

            No contacted IP infos
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1546796
                                    Start date and time:2024-11-01 15:55:09 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 4m 30s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:8
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:8NU1qpOatQ.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:20c840940536dc89016f7d4c78cce2c839ee2106.exe
                                    Detection:MAL
                                    Classification:mal60.troj.winEXE@1/0@1/0
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 30
                                    • Number of non-executed functions: 97
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • VT rate limit hit for: 8NU1qpOatQ.exe
                                    No simulations
                                    No context
                                    No created / dropped files found
                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                    Entropy (8bit):4.948835133826694
                                    TrID:
                                    • Win64 Executable GUI (202006/5) 92.65%
                                    • Win64 Executable (generic) (12005/4) 5.51%
                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                    • DOS Executable Generic (2002/1) 0.92%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:8NU1qpOatQ.exe
                                    File size:749'408 bytes
                                    MD5:a0c776661815d65a51c4d4c7da408f4d
                                    SHA1:20c840940536dc89016f7d4c78cce2c839ee2106
                                    SHA256:a82da08a181eafbcc779f5af962eebe04e3b973c40f90a37f42ea8d3de7fc70f
                                    SHA512:e19fe7b6cf9c88d89d7566ccbd6f3033e49fd1a89ef515517d2748f175b672f6bff138d87313edc5f2f75a36bf559e00bfa2debff8aeb597b55b882dc223b887
                                    SSDEEP:6144:Fp19SmYRZbsuSBs3ojpe6aABlwZFsr5pOGJr3eRqk3tJc+xZRtiKzvzaOKIeM87e:Fp1EPZbsu2s3ojpe6aeSg3DeRqkUW5
                                    TLSH:1DF46FC6E6604CECF47688389D73B129E9643C79032156D726947A36AB336E4F93B703
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....!.f.........."....&.t..........0*.........@.............................<............`................................
                                    Icon Hash:969696225aaa8a5b
                                    Entrypoint:0x140022a30
                                    Entrypoint Section:.text
                                    Digitally signed:true
                                    Imagebase:0x140000000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x661321F2 [Sun Apr 7 22:45:06 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:6
                                    OS Version Minor:0
                                    File Version Major:6
                                    File Version Minor:0
                                    Subsystem Version Major:6
                                    Subsystem Version Minor:0
                                    Import Hash:643597ba0ad6c06e6187f0ee823adb76
                                    Signature Valid:true
                                    Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                    Signature Validation Error:The operation completed successfully
                                    Error Number:0
                                    Not Before, Not After
                                    • 30/03/2024 12:20:38 30/03/2025 07:26:45
                                    Subject Chain
                                    • CN="Xuaony Plantain E-Commerce Trading Co., Ltd.", O="Xuaony Plantain E-Commerce Trading Co., Ltd.", L=Xiangyang, S=Hubei, C=CN, OID.1.3.6.1.4.1.311.60.2.1.1=Xiangyang, OID.1.3.6.1.4.1.311.60.2.1.2=Hubei, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91420600MACLU7R889, OID.2.5.4.15=Private Organization
                                    Version:3
                                    Thumbprint MD5:095FDDACF810F82ECE32F570F486702A
                                    Thumbprint SHA-1:C23686C7F96871D88754C70138702D5DCC35AC6D
                                    Thumbprint SHA-256:AD98024CF6546F37BF482A625BB18ABB0DAD060B4561BCC71405B1E61D121646
                                    Serial:5867CAD98B5C8552F60A7BD8
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x596ac | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62e00 | 0x50ce0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x5d600 | 0x4980 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb3c00 | 0x3360 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62200 | 0xb14 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x53c30 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x47800 | 0x310 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x400 | 0x472a4 | 0x47400 | 569396a8079805ff6e8aa1e68b2a48d4 | False | 0.4361876370614035 | data | 6.052587914123249 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x47800 | 0x12912 | 0x12a00 | 27ed03b97119dab2025ba0b80c3e3a47 | False | 0.4084652894295302 | data | 4.890972924183041 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5a200 | 0x3280 | 0x3400 | 6c2b69e614b5d1ff04ea9c8a1f2d49c2 | False | 0.07654747596153846 | data | 1.7664629350175303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x5d600 | 0x4980 | 0x4a00 | 28a9cbbb0ec2eb45dacd0c505aea47b7 | False | 0.47962415540540543 | data | 5.558671214161405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x62000 | 0x1f4 | 0x200 | 4f3fc7598f6bf98cf91df53f44af3b3f | False | 0.51953125 | data | 4.173069153790896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x62200 | 0xb14 | 0xc00 | 82cff5055fb40b763fdd1a9387f99229 | False | 0.4876302083333333 | data | 5.29691559139134 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x62e00 | 0x50ce0 | 0x50e00 | a3be695d45afddbed34c93748ceccf38 | False | 0.087597807187017 | data | 2.565180833378099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x631d4 | 0x2569 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9884097316487418
RT_ICON | 0x65740 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 |  |  | 0.1254723665564478
RT_ICON | 0x69968 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 |  |  | 0.2535178236397749
RT_ICON | 0x6aa10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 |  |  | 0.48404255319148937
RT_ICON | 0x6ae78 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 |  |  | 0.29918032786885246
RT_ICON | 0x6b800 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m |  |  | 0.24379432624113476
RT_ICON | 0x6bc68 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m |  |  | 0.16434426229508198
RT_ICON | 0x6c5f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m |  |  | 0.13297373358348968
RT_ICON | 0x6d698 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m |  |  | 0.08952282157676349
RT_ICON | 0x6fc40 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m |  |  | 0.06914265470004724
RT_ICON | 0x73e68 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 2835 x 2835 px/m |  |  | 0.052843178473828044
RT_ICON | 0x7d310 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m |  |  | 0.04186383532473678
RT_ICON | 0x8db38 | 0x25228 | Device independent bitmap graphic, 192 x 384 x 32, image size 147456, resolution 2835 x 2835 px/m |  |  | 0.031701993372955345
RT_GROUP_ICON | 0xb2d60 | 0x3e | data |  |  | 0.8225806451612904
RT_GROUP_ICON | 0xb2da0 | 0x76 | data |  |  | 0.7542372881355932
RT_VERSION | 0xb2e18 | 0x318 | data |  |  | 0.4292929292929293
RT_MANIFEST | 0xb3130 | 0x9b0 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.39838709677419354
DLL | Import
KERNEL32.dll | LoadLibraryA, MultiByteToWideChar, GetStdHandle, SetEnvironmentVariableW, CreateFileW, ReadFile, CloseHandle, GetProcAddress, CreatePipe, GetCurrentProcess, CreateProcessA, GetModuleHandleA, WideCharToMultiByte, SetEndOfFile, WriteConsoleW, HeapSize, SetHandleInformation, GetLastError, GetProcessHeap, SetStdHandle, FreeEnvironmentStringsW, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, HeapReAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, RtlUnwind
USER32.dll | MessageBoxA
ADVAPI32.dll | OpenProcessToken
WININET.dll | InternetCloseHandle, HttpQueryInfoW
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-01T15:56:39.831562+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49709 | TCP
2024-11-01T15:57:18.349585+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49714 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 1, 2024 15:56:23.296506882 CET | 56301 | 53 | 192.168.2.8 | 1.1.1.1
Nov 1, 2024 15:56:23.337707996 CET | 53 | 56301 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 1, 2024 15:56:23.296506882 CET | 192.168.2.8 | 1.1.1.1 | 0xa9d1 | Standard query (0) | cloudnetworkverify.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 1, 2024 15:56:23.337707996 CET | 1.1.1.1 | 192.168.2.8 | 0xa9d1 | Server failure (2) | cloudnetworkverify.com | none | none | A (IP address) | IN (0x0001) | false

                                    Target ID:0
                                    Start time:10:56:21
                                    Start date:01/11/2024
                                    Path:C:\Users\user\Desktop\8NU1qpOatQ.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\8NU1qpOatQ.exe"
                                    Imagebase:0x7ff753400000
                                    File size:749'408 bytes
                                    MD5 hash:A0C776661815D65A51C4D4C7DA408F4D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.1575210337.000001E3FD881000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.1575514282.000001E3FD38E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000000.1573061891.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.1575394016.000001E3FBAFD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                      Execution Graph

                                      Execution Coverage:7.5%
                                      Dynamic/Decrypted Code Coverage:0.7%
                                      Signature Coverage:12.8%
                                      Total number of Nodes:594
                                      Total number of Limit Nodes:28
7ff753411e1b LoadLibraryA 23945->23946 23947 7ff753411e42 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock __vcrt_InitializeCriticalSectionEx 23946->23947 23948 7ff753411e62 GetTokenInformation 23947->23948 23948->23940 23949 7ff753411eec std::ios_base::_Init Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock Concurrency::event::~event 23948->23949 24372 7ff753417ac0 25 API calls Concurrency::details::WorkQueue::IsStructuredEmpty 23949->24372 23951 7ff753411f33 _Mtx_guard::~_Mtx_guard 23952 7ff753411f50 LoadLibraryA 23951->23952 23953 7ff753411f77 __vcrt_InitializeCriticalSectionEx 23952->23953 24373 7ff753418680 25 API calls 3 library calls 23953->24373 23955 7ff753411fc7 _Mtx_guard::~_Mtx_guard 23956 7ff753411fe3 LoadLibraryA 23955->23956 23960 7ff75341200a _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 23956->23960 23957 7ff7534120bc 24375 7ff75341f9b0 18 API calls 23957->24375 23959 7ff75341206c LoadLibraryA 23959->23960 23960->23957 23960->23959 24374 7ff753418930 25 API calls 3 library calls 23960->24374 23961 7ff7534120d1 Concurrency::details::ResourceManager::CreateNodeTopology 23961->23940 23964 7ff7534146b5 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct char_traits 23963->23964 23965 7ff7534146f2 Concurrency::details::WorkQueue::IsStructuredEmpty 23964->23965 24385 7ff753404c50 18 API calls type_info::_name_internal_method 23964->24385 24381 7ff753417800 23965->24381 23968 7ff753413e05 23969 7ff753414630 23968->23969 24386 7ff75340c580 23969->24386 23971 7ff75341465a std::ios_base::failure::failure 23971->23862 24395 7ff7534173a0 23972->24395 23974 7ff753413e8f 23974->23865 23976 7ff753408152 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::failure::failure 23975->23976 24402 7ff753406120 23976->24402 23978 7ff7534081b6 23978->23870 23980 7ff7534009af _Mtx_guard::~_Mtx_guard ctype 23979->23980 23981 7ff753400a13 LoadLibraryA 23980->23981 23982 7ff753400a3a 
Concurrency::details::WorkQueue::IsStructuredEmpty __vcrt_InitializeCriticalSectionEx 23981->23982 23983 7ff753400a4f InternetOpenW 23982->23983 23984 7ff753400a86 _Mtx_guard::~_Mtx_guard 23983->23984 23986 7ff753400aef _Mtx_guard::~_Mtx_guard 23983->23986 23985 7ff753403880 _Mpunct 18 API calls 23984->23985 24003 7ff753400aa0 ctype Concurrency::details::SchedulerBase::StartupIdleVirtualProcessor 23985->24003 23987 7ff753400b88 LoadLibraryA 23986->23987 23988 7ff753400baf Concurrency::details::WorkQueue::IsStructuredEmpty __vcrt_InitializeCriticalSectionEx 23987->23988 23989 7ff753400bf0 _Mtx_guard::~_Mtx_guard 23988->23989 23990 7ff753400cb0 _Mtx_guard::~_Mtx_guard 23988->23990 23992 7ff753400c0c LoadLibraryA 23989->23992 23991 7ff753400ccc LoadLibraryA 23990->23991 24409 7ff753447848 23991->24409 23997 7ff753400c33 _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 23992->23997 23994 7ff753400cf3 InternetConnectW 23995 7ff753400d4c InternetCloseHandle 23994->23995 23998 7ff753400dc0 _Mtx_guard::~_Mtx_guard 23994->23998 23996 7ff753400d61 _Mtx_guard::~_Mtx_guard 23995->23996 23999 7ff753403880 _Mpunct 18 API calls 23996->23999 24000 7ff753403880 _Mpunct 18 API calls 23997->24000 24001 7ff753400ddc LoadLibraryA 23998->24001 23999->24003 24049 7ff753400c61 Concurrency::details::ResourceManager::CreateNodeTopology __vcrt_InitializeCriticalSectionEx Concurrency::details::SchedulerBase::StartupIdleVirtualProcessor 24000->24049 24002 7ff753400e03 _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24001->24002 24004 7ff753400f90 _Mtx_guard::~_Mtx_guard 24002->24004 24005 7ff753400e76 _Mtx_guard::~_Mtx_guard 24002->24005 24003->23874 24006 7ff753400fac LoadLibraryA 24004->24006 24007 7ff753400e92 LoadLibraryA 24005->24007 24009 7ff753400fd3 Concurrency::details::WorkQueue::IsStructuredEmpty __vcrt_InitializeCriticalSectionEx 24006->24009 24008 7ff753400eb9 _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24007->24008 24011 7ff753400eec 
LoadLibraryA 24008->24011 24009->24009 24010 7ff75340103e HttpSendRequestA 24009->24010 24012 7ff7534011e9 HttpQueryInfoW 24010->24012 24014 7ff753401078 _Mtx_guard::~_Mtx_guard 24010->24014 24015 7ff753400f13 _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24011->24015 24013 7ff753401220 __vcrt_getptd_noinit 24012->24013 24042 7ff7534013e8 std::ios_base::_Init _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24012->24042 24019 7ff75340126b HttpQueryInfoW 24013->24019 24013->24042 24016 7ff753401094 LoadLibraryA 24014->24016 24020 7ff753403880 _Mpunct 18 API calls 24015->24020 24410 7ff753447848 24016->24410 24018 7ff7534010bb InternetCloseHandle 24411 7ff753401d10 24018->24411 24022 7ff7534012b4 24019->24022 24023 7ff753401412 shared_ptr 24019->24023 24020->24049 24024 7ff753403880 _Mpunct 18 API calls 24022->24024 24023->24042 24026 7ff7534012c9 _Mtx_guard::~_Mtx_guard 24024->24026 24025 7ff7534010d9 _Mtx_guard::~_Mtx_guard 24028 7ff7534010eb LoadLibraryA 24025->24028 24029 7ff753403880 _Mpunct 18 API calls 24026->24029 24027 7ff7534014a0 LoadLibraryA 24027->24042 24030 7ff753401112 _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24028->24030 24033 7ff7534012e4 _Mtx_guard::~_Mtx_guard 24029->24033 24031 7ff753401145 LoadLibraryA 24030->24031 24034 7ff75340116c _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24031->24034 24033->24042 24413 7ff753405a00 18 API calls Concurrency::details::WorkQueue::IsStructuredEmpty 24033->24413 24037 7ff753403880 _Mpunct 18 API calls 24034->24037 24035 7ff753401581 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock ctype 24038 7ff753403880 _Mpunct 18 API calls 24035->24038 24037->24049 24043 7ff753401657 _Mtx_guard::~_Mtx_guard shared_ptr UnDecorator::getVbTableType 24038->24043 24039 7ff7534013c7 24040 7ff7534013d3 24039->24040 24039->24042 24414 7ff753403df0 18 API calls 2 library calls 24040->24414 24042->24023 24042->24027 24042->24035 24415 7ff753403460 18 
API calls 4 library calls 24042->24415 24044 7ff7534016ef LoadLibraryA 24043->24044 24045 7ff753401716 _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24044->24045 24046 7ff753401746 LoadLibraryA 24045->24046 24047 7ff75340176d _Mtx_guard::~_Mtx_guard __vcrt_InitializeCriticalSectionEx 24046->24047 24048 7ff7534017a0 LoadLibraryA 24047->24048 24048->24049 24049->24003 24050->23879 24051->23881 24052->23893 24054 7ff7534021d6 _Mpunct 24053->24054 24056 7ff7534021e5 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24054->24056 24059 7ff753404c50 18 API calls type_info::_name_internal_method 24054->24059 24058 7ff75340221f Concurrency::details::WorkQueue::IsStructuredEmpty ctype UnDecorator::getVbTableType 24056->24058 24060 7ff753402050 4 API calls 3 library calls 24056->24060 24058->23904 24059->24056 24060->24058 24061->23908 24063 7ff753405f96 _Mpunct 24062->24063 24065 7ff753405fa5 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24063->24065 24068 7ff753404c50 18 API calls type_info::_name_internal_method 24063->24068 24067 7ff753405fdf Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct ctype Concurrency::cancellation_token_source::~cancellation_token_source UnDecorator::getVbTableType 24065->24067 24069 7ff753405e70 24065->24069 24067->23912 24068->24065 24072 7ff753401ff0 24069->24072 24071 7ff753405ea0 Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::details::FreeThreadProxyFactory::Retire allocator 24071->24067 24075 7ff753404ce0 24072->24075 24076 7ff753404cf8 allocator 24075->24076 24079 7ff753401fa0 24076->24079 24080 7ff753401fae allocator 24079->24080 24081 7ff753401fcc 24080->24081 24083 7ff753401fc0 24080->24083 24082 7ff753401fca 24081->24082 24092 7ff7534041d0 24081->24092 24082->24071 24086 7ff753402110 24083->24086 24087 7ff753402133 24086->24087 24088 7ff753402138 24086->24088 24095 7ff753404940 RtlPcToFileHeader RaiseException stdext::threads::lock_error::lock_error 
Concurrency::cancel_current_task 24087->24095 24090 7ff7534041d0 allocator 4 API calls 24088->24090 24091 7ff753402142 24090->24091 24091->24082 24096 7ff7534222bc 24092->24096 24095->24088 24097 7ff7534222c7 24096->24097 24098 7ff7534041e3 24097->24098 24099 7ff75342f4bc std::ios_base::_Init 2 API calls 24097->24099 24100 7ff7534222e6 24097->24100 24098->24082 24099->24097 24103 7ff7534222f1 24100->24103 24105 7ff753420c9c RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc Concurrency::cancel_current_task 24100->24105 24106 7ff753422e78 RtlPcToFileHeader RaiseException stdext::threads::lock_error::lock_error Concurrency::cancel_current_task 24103->24106 24108 7ff753416b22 Concurrency::details::WorkQueue::IsStructuredEmpty 24107->24108 24124 7ff753416ba0 24108->24124 24112 7ff753414483 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::failure::failure std::ios_base::_Init ctype 24111->24112 24264 7ff7534145b0 24112->24264 24116 7ff75341450b ctype UnDecorator::getVbTableType 24116->23923 24118 7ff75341fa5a Concurrency::details::WorkQueue::IsStructuredEmpty 24117->24118 24336 7ff753417270 24118->24336 24347 7ff753418120 24121->24347 24123 7ff753418fac std::bad_exception::~bad_exception 24123->23934 24125 7ff753416bc7 Concurrency::details::WorkQueue::IsStructuredEmpty 24124->24125 24134 7ff753416f70 24125->24134 24131 7ff753416c9b 24132 7ff753416b41 24131->24132 24151 7ff75340fc80 18 API calls 2 library calls 24131->24151 24132->23916 24135 7ff753416f97 24134->24135 24152 7ff75341d7d0 24135->24152 24138 7ff753416ab0 24223 7ff753417150 24138->24223 24140 7ff753416ac3 24228 7ff75341a030 24140->24228 24142 7ff753416ae1 24143 7ff75341dc30 24142->24143 24144 7ff75341dc5b 24143->24144 24145 7ff75341dc57 Concurrency::details::ResourceManager::CreateNodeTopology 24143->24145 24234 7ff753421d24 24144->24234 24145->24131 24148 7ff75341a030 Concurrency::event::~event 16 API calls 24149 7ff75341dc94 24148->24149 24240 7ff753416560 25 API calls 7 library 
calls 24149->24240 24151->24132 24161 7ff75340b690 24152->24161 24156 7ff75341d814 24157 7ff75341d83a 24156->24157 24172 7ff75340fc80 18 API calls 2 library calls 24156->24172 24159 7ff753416c19 24157->24159 24173 7ff753421968 DeleteCriticalSection LeaveCriticalSection EnterCriticalSection std::_Lockit::~_Lockit std::_Lockit::_Lockit 24157->24173 24159->24138 24174 7ff75340cb10 24161->24174 24164 7ff7534222bc std::ios_base::_Init 4 API calls 24165 7ff75340b715 std::ios_base::_Init 24164->24165 24167 7ff75340b73b 24165->24167 24177 7ff753408d30 21 API calls std::ios_base::_Init 24165->24177 24168 7ff7534202b0 24167->24168 24169 7ff7534202cc 24168->24169 24189 7ff7534166a0 24169->24189 24171 7ff7534202e5 Concurrency::details::ResourceManager::CreateNodeTopology 24171->24156 24172->24157 24178 7ff75340cb40 24174->24178 24177->24167 24179 7ff75340cb9a 24178->24179 24180 7ff75340b70b 24178->24180 24181 7ff75340cbaf std::make_error_code 24179->24181 24186 7ff753423398 RtlPcToFileHeader RaiseException 24179->24186 24180->24164 24187 7ff753408bb0 18 API calls std::ios_base::failure::failure 24181->24187 24184 7ff75340cc0e 24188 7ff753423398 RtlPcToFileHeader RaiseException 24184->24188 24186->24181 24187->24184 24188->24180 24203 7ff753420d94 24189->24203 24193 7ff7534166dd std::locale::_Getfacet 24202 7ff75341670a 24193->24202 24219 7ff753419b90 25 API calls 2 library calls 24193->24219 24196 7ff7534167b8 ctype 24196->24171 24197 7ff753416728 24198 7ff75341672e 24197->24198 24200 7ff753416736 std::ios_base::_Init 24197->24200 24220 7ff75340c320 RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc Concurrency::cancel_current_task 24198->24220 24221 7ff753420ffc RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 24200->24221 24215 7ff753420e1c 24202->24215 24204 7ff753420da3 24203->24204 24206 7ff753420da8 24203->24206 24222 7ff75342da54 EnterCriticalSection std::_Lockit::_Lockit 24204->24222 24207 7ff7534166c4 24206->24207 
24208 7ff753420df5 DeleteCriticalSection 24206->24208 24209 7ff753409b30 24207->24209 24208->24207 24208->24208 24210 7ff753409b91 ctype 24209->24210 24211 7ff753409b53 24209->24211 24210->24193 24212 7ff753420d94 std::_Lockit::_Lockit 2 API calls 24211->24212 24213 7ff753409b5f 24212->24213 24214 7ff753420e1c std::_Lockit::~_Lockit LeaveCriticalSection 24213->24214 24214->24210 24216 7ff753420e27 LeaveCriticalSection 24215->24216 24217 7ff753420e30 24215->24217 24217->24196 24219->24197 24220->24202 24221->24202 24224 7ff7534222bc std::ios_base::_Init 4 API calls 24223->24224 24225 7ff75341720c std::ios_base::_Init 24224->24225 24226 7ff753417232 Concurrency::event::~event 24225->24226 24232 7ff753408d30 21 API calls std::ios_base::_Init 24225->24232 24226->24140 24229 7ff75341a05c Concurrency::event::~event 24228->24229 24230 7ff75341a0e4 ctype Concurrency::event::~event 24229->24230 24233 7ff75342c040 16 API calls 2 library calls 24229->24233 24230->24142 24232->24226 24233->24230 24235 7ff753421d6a 24234->24235 24236 7ff75341dc6e 24235->24236 24241 7ff75342d0c8 23 API calls _vswprintf_s_l 24235->24241 24236->24145 24236->24148 24238 7ff753421db8 24238->24236 24242 7ff75342c1e4 24238->24242 24240->24145 24241->24238 24243 7ff75342c214 24242->24243 24250 7ff75342c0b8 24243->24250 24245 7ff75342c22d 24247 7ff75342c252 24245->24247 24260 7ff753429224 16 API calls 3 library calls 24245->24260 24249 7ff75342c267 24247->24249 24261 7ff753429224 16 API calls 3 library calls 24247->24261 24249->24236 24251 7ff75342c101 24250->24251 24252 7ff75342c0d3 24250->24252 24259 7ff75342c0f3 Concurrency::event::~event 24251->24259 24262 7ff75342c090 EnterCriticalSection 24251->24262 24263 7ff753429570 16 API calls 3 library calls 24252->24263 24255 7ff75342c117 24256 7ff75342c138 Concurrency::event::~event 21 API calls 24255->24256 24257 7ff75342c123 24256->24257 24258 7ff75342c0a4 _fread_nolock LeaveCriticalSection 24257->24258 24258->24259 24259->24245 24260->24247 24261->24249 
24263->24259 24278 7ff75341d330 24264->24278 24267 7ff753414950 24268 7ff753414997 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24267->24268 24269 7ff7534145b0 type_info::_name_internal_method 23 API calls 24268->24269 24270 7ff753414a07 _Mpunct 24269->24270 24274 7ff753414a47 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24270->24274 24276 7ff753414b75 Concurrency::details::WorkQueue::IsStructuredEmpty ctype Concurrency::cancellation_token_source::~cancellation_token_source 24270->24276 24277 7ff753414a86 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct Concurrency::cancellation_token_source::~cancellation_token_source UnDecorator::getVbTableType 24270->24277 24334 7ff753404c50 18 API calls type_info::_name_internal_method 24270->24334 24273 7ff753414b36 Concurrency::cancellation_token_source::~cancellation_token_source 24273->24116 24275 7ff753405e70 _Mpunct 4 API calls 24274->24275 24275->24277 24276->24116 24335 7ff753418cd0 23 API calls type_info::_name_internal_method 24277->24335 24279 7ff75341d34b 24278->24279 24280 7ff75341d355 24278->24280 24284 7ff75341af60 24279->24284 24282 7ff75341af60 type_info::_name_internal_method 23 API calls 24280->24282 24283 7ff753414504 24280->24283 24282->24283 24283->24116 24283->24267 24285 7ff75341af74 24284->24285 24287 7ff75341af81 type_info::_name_internal_method shared_ptr 24284->24287 24288 7ff75341f6f0 24285->24288 24287->24280 24289 7ff75341f703 shared_ptr 24288->24289 24290 7ff75341f708 type_info::_name_internal_method shared_ptr 24289->24290 24292 7ff753420040 24289->24292 24290->24287 24293 7ff753420053 ~_Mpunct type_info::_name_internal_method 24292->24293 24294 7ff75342007b type_info::_name_internal_method shared_ptr 24293->24294 24296 7ff75341fc40 24293->24296 24294->24290 24298 7ff75341fc6b ~_Mpunct Concurrency::event::~event type_info::_name_internal_method 24296->24298 24297 7ff75341fc99 ctype Concurrency::details::SchedulerBase::StartupIdleVirtualProcessor shared_ptr 
24297->24294 24298->24297 24299 7ff75341fceb 24298->24299 24303 7ff75341fd33 Concurrency::details::WorkQueue::IsStructuredEmpty 24298->24303 24307 7ff753415100 24299->24307 24303->24297 24305 7ff75341fe7e Concurrency::details::WorkQueue::IsStructuredEmpty 24303->24305 24310 7ff75342c6e8 24303->24310 24331 7ff75341e770 18 API calls 2 library calls 24303->24331 24333 7ff75341d470 18 API calls 24303->24333 24305->24297 24332 7ff75342d924 18 API calls 4 library calls 24305->24332 24308 7ff75342c6e8 _Fgetc 21 API calls 24307->24308 24309 7ff753415118 24308->24309 24309->24297 24311 7ff75342c722 24310->24311 24312 7ff75342c704 24310->24312 24314 7ff75342c090 _fread_nolock EnterCriticalSection 24311->24314 24313 7ff75342e7e0 _set_errno_from_matherr 6 API calls 24312->24313 24315 7ff75342c709 24313->24315 24316 7ff75342c727 24314->24316 24317 7ff753429648 _invalid_parameter_noinfo 16 API calls 24315->24317 24318 7ff75342c7dc 24316->24318 24319 7ff7534353d8 _Fgetc 16 API calls 24316->24319 24321 7ff75342c714 24317->24321 24320 7ff75342c69c _Fgetc 18 API calls 24318->24320 24324 7ff75342c743 24319->24324 24322 7ff75342c7e4 24320->24322 24321->24303 24323 7ff75342c0a4 _fread_nolock LeaveCriticalSection 24322->24323 24323->24321 24324->24318 24325 7ff75342c7b1 24324->24325 24326 7ff75342e7e0 _set_errno_from_matherr 6 API calls 24325->24326 24327 7ff75342c7b6 24326->24327 24328 7ff753429648 _invalid_parameter_noinfo 16 API calls 24327->24328 24329 7ff75342c7c1 24328->24329 24330 7ff7534447b8 _local_unwind RtlUnwind 24329->24330 24330->24321 24331->24303 24332->24305 24333->24303 24334->24274 24335->24273 24337 7ff7534172a9 std::ios_base::failure::failure 24336->24337 24342 7ff7534044a0 24337->24342 24339 7ff7534172c3 Concurrency::details::WorkQueue::IsStructuredEmpty 24340 7ff753405f60 _Mpunct 18 API calls 24339->24340 24341 7ff753417311 24340->24341 24341->23935 24343 7ff7534044c3 24342->24343 24344 7ff7534044be 24342->24344 24343->24339 24346 7ff753404c90 18 API calls 
24344->24346 24346->24343 24350 7ff7534180c0 24347->24350 24349 7ff753418192 Concurrency::details::ThreadProxyFactoryManager::~ThreadProxyFactoryManager 24349->24123 24352 7ff7534180e7 Concurrency::event::~event 24350->24352 24351 7ff753418108 ~_Mpunct 24351->24349 24352->24351 24354 7ff75341b550 24352->24354 24355 7ff75341b568 Concurrency::event::~event 24354->24355 24356 7ff75341b5a7 24354->24356 24362 7ff7534196c0 24355->24362 24357 7ff75341a030 Concurrency::event::~event 16 API calls 24356->24357 24358 7ff75341b5d1 24357->24358 24358->24351 24360 7ff75341b586 24361 7ff75342c1e4 Concurrency::event::~event 23 API calls 24360->24361 24361->24356 24363 7ff7534196fd ctype 24362->24363 24364 7ff7534196ed Concurrency::event::~event shared_ptr 24362->24364 24363->24360 24364->24363 24366 7ff75342d4e0 23 API calls 2 library calls 24364->24366 24366->24363 24367->23942 24369 7ff753417fa1 24368->24369 24376 7ff753414c60 24369->24376 24371 7ff753417fb0 24371->23945 24372->23951 24373->23955 24374->23960 24375->23961 24377 7ff753414c87 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24376->24377 24379 7ff753414ccd Concurrency::details::WorkQueue::IsStructuredEmpty ctype Concurrency::cancellation_token_source::~cancellation_token_source 24377->24379 24380 7ff7534195e0 18 API calls type_info::_name_internal_method 24377->24380 24379->24371 24380->24379 24383 7ff753417843 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::failure::failure _Mpunct 24381->24383 24382 7ff753417918 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct ctype Concurrency::cancellation_token_source::~cancellation_token_source UnDecorator::getVbTableType 24382->23968 24383->24382 24384 7ff753405e70 _Mpunct 4 API calls 24383->24384 24384->24382 24385->23965 24387 7ff75340c598 Concurrency::details::WorkQueue::IsStructuredEmpty char_traits 24386->24387 24390 7ff75340c5c0 24387->24390 24389 7ff75340c5b2 24389->23971 24391 7ff75340c67e 24390->24391 24393 7ff75340c5fd 
Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::failure::failure Concurrency::cancellation_token_source::~cancellation_token_source 24390->24393 24394 7ff7534070f0 18 API calls 6 library calls 24391->24394 24393->24389 24394->24393 24396 7ff7534173e9 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::failure::failure _Mpunct 24395->24396 24398 7ff7534176ae Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24396->24398 24400 7ff7534174e6 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::failure::failure _Mpunct ctype UnDecorator::getVbTableType 24396->24400 24401 7ff753404c50 18 API calls type_info::_name_internal_method 24396->24401 24399 7ff753405e70 _Mpunct 4 API calls 24398->24399 24399->24400 24400->23974 24401->24398 24403 7ff753406156 _Mpunct 24402->24403 24406 7ff753406165 Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct 24403->24406 24408 7ff753404c50 18 API calls type_info::_name_internal_method 24403->24408 24405 7ff75340619f Concurrency::details::WorkQueue::IsStructuredEmpty _Mpunct ctype UnDecorator::getVbTableType 24405->23978 24406->24405 24407 7ff753405e70 _Mpunct 4 API calls 24406->24407 24407->24405 24408->24406 24409->23994 24410->24018 24412 7ff753401d25 _Mtx_guard::~_Mtx_guard 24411->24412 24412->24025 24413->24039 24414->24042 24415->24042 24416 7ff753430081 24428 7ff75343245c 24416->24428 24418 7ff753430086 24419 7ff7534300ff 24418->24419 24420 7ff7534300b5 GetModuleHandleW 24418->24420 24421 7ff75342ff7c 6 API calls 24419->24421 24420->24419 24426 7ff7534300c2 24420->24426 24422 7ff75343013b 24421->24422 24423 7ff753430142 24422->24423 24424 7ff75343015c GetCurrentProcess TerminateProcess ExitProcess GetModuleHandleExW 24422->24424 24425 7ff753430154 24424->24425 24426->24419 24427 7ff7534301cc GetModuleHandleExW 24426->24427 24427->24419 24433 7ff7534331b0 16 API calls 4 library calls 24428->24433 24430 7ff753432465 __crtLCMapStringW 24434 7ff75342ef80 16 API calls 
BuildCatchObjectHelperInternal 24430->24434 24433->24430

                                      Control-flow Graph

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • Associated: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581207483.00007FF753448000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581225051.00007FF75345A000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75345E000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753476000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75347D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753481000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75348D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753497000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF7534B2000.00000080.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$Concurrency::details::EmptyQueue::StructuredWork$AddressLibraryLoadProc$Char_traitsInternetOpen
                                      • String ID: h
                                      • API String ID: 917305780-2439710439
                                      • Opcode ID: a123d6ffc92ff196f332322dd4a8ac77e0fd754275bb3b9687ef820d29bb63e3
                                      • Instruction ID: bd9697a482e54de05c90c18ae84cc85c9066b1b3077ab7f5c964a6c81add17e0
                                      • Opcode Fuzzy Hash: a123d6ffc92ff196f332322dd4a8ac77e0fd754275bb3b9687ef820d29bb63e3
                                      • Instruction Fuzzy Hash: 1672E83261DAC181E6B0EB11E4953EFB3A5FBC4780F840135EA8D9BAA9DF7CD5448B50

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$AddressLibraryLoadProc$CheckMembershipToken
                                      • String ID:
                                      • API String ID: 1533160778-0
                                      • Opcode ID: 3b7cd0a492259e57927d04caf5dfee38ab84c18b78d94576b40c695ba8ddcaf5
                                      • Instruction ID: 1ec04b81a75421cedcea7eeff3759546c192638fc9080a3e41a3b9db9b31dbb3
                                      • Opcode Fuzzy Hash: 3b7cd0a492259e57927d04caf5dfee38ab84c18b78d94576b40c695ba8ddcaf5
                                      • Instruction Fuzzy Hash: BC51E23261DBC185E7A0AB14F8543ABBBA1FB85784F944125D6CD97BA9DF3CD008CB90

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: f8d15a71b8f5171385af8a2d1e5931a2d0e549c31eaba9e616cd11acb5775add
                                      • Instruction ID: 215c64d3cb3b4c7dc0d0af6889d3eb8cfe80ad0b0076815a323de9fa4e36434c
                                      • Opcode Fuzzy Hash: f8d15a71b8f5171385af8a2d1e5931a2d0e549c31eaba9e616cd11acb5775add
                                      • Instruction Fuzzy Hash: 36C1C622A2864A55E7A27B1184403BEF692EF817D0F8D4131DA4DA77E1CF7CE499C721

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$Token$AddressInformationLibraryLoadProc$CloseConcurrency::details::_CriticalHandleLock::_OpenProcessReentrantScoped_lockScoped_lock::~_
                                      • String ID:
                                      • API String ID: 2078037076-0
                                      • Opcode ID: 03a655a6cb52572edd5b51dc895c6746e688283155fcb057e0e50e88a06c162d
                                      • Instruction ID: 6d487d7906afe955bc255cbb1c33acf0dcb057ebda579c063c9b7781e06c3c4d
                                      • Opcode Fuzzy Hash: 03a655a6cb52572edd5b51dc895c6746e688283155fcb057e0e50e88a06c162d
                                      • Instruction Fuzzy Hash: 90B1E53262DAC586D6A0EB11E8813EBB7A1FBC4740F904136E68E97B69DF3CD444CB50

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$FullImageNameProcessQuery
                                      • String ID:
                                      • API String ID: 4084525217-0
                                      • Opcode ID: b71c344727e500e4c5d1f922a707b5fca2e5bb815f3874dc24ebc682f640d423
                                      • Instruction ID: a3b00367157ec5f425577baacadd2ef5ab7f9f97c8ba25336f5ba42fb3e53be5
                                      • Opcode Fuzzy Hash: b71c344727e500e4c5d1f922a707b5fca2e5bb815f3874dc24ebc682f640d423
                                      • Instruction Fuzzy Hash: 96E1E33261DAC291D6B0EB51E4803EFF3A5EBC4740F940132E68D96BA9EE3CD554CB90

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                      • String ID:
                                      • API String ID: 1330151763-0
                                      • Opcode ID: 86a9eb8cdefa0c81bcd80dcf4a157a2cfc05d398ae7d4718d933ac730be89033
                                      • Instruction ID: 55997605f6e370eaa2db34fafd14e7697f9f3216c19c0cc7328f2d247f99e3bc
                                      • Opcode Fuzzy Hash: 86a9eb8cdefa0c81bcd80dcf4a157a2cfc05d398ae7d4718d933ac730be89033
                                      • Instruction Fuzzy Hash: 1DC1BF36F24A4186FB90EF64D4906BD7762E748B98B495235DA2EE73E4DF38D052C310

                                      Control-flow Graph

                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$AddressLibraryLoadProc
                                      • String ID: $O$X
                                      • API String ID: 1138954263-3341619949
                                      • Opcode ID: bc9c43e34d7fab47b652313b27f145ce6cc0c84c43fbd12292a609fb880e39a6
                                      • Instruction ID: fb6b83d131005ae87b5125a8ccb612c428584227300b7a4b2dda27c04ebfae69
                                      • Opcode Fuzzy Hash: bc9c43e34d7fab47b652313b27f145ce6cc0c84c43fbd12292a609fb880e39a6
                                      • Instruction Fuzzy Hash: 0941163211CBC18AE7709B24F4483ABBBA1F785354F50422AE6D996BA9DF7DC1488F50

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Fgetc
                                      • String ID:
                                      • API String ID: 1720979605-0
                                      • Opcode ID: 390ee6c80a8e1c71eef77ad14dc2aecaf67d0815ab58905e178a122f91289330
                                      • Instruction ID: e66cdf32852b181cf8a86d62157fec271970f9f0b3dbb56036d25b5d3a80f79e
                                      • Opcode Fuzzy Hash: 390ee6c80a8e1c71eef77ad14dc2aecaf67d0815ab58905e178a122f91289330
                                      • Instruction Fuzzy Hash: 3091EF6262CAC685D6B0AB14E4503BEF361FB85740F944136E68D97AAADF3CD405CBA0

                                      Control-flow Graph

                                      APIs
                                        • Part of subcall function 00007FF753416B00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF753416B1D
                                      • _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF7534118A6
                                        • Part of subcall function 00007FF7534081D0: char_traits.LIBCPMTD ref: 00007FF7534081FD
                                        • Part of subcall function 00007FF753418F90: std::bad_exception::~bad_exception.LIBCMTD ref: 00007FF753418FBA
                                        • Part of subcall function 00007FF753403C40: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF753403C5B
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork$Mtx_guardMtx_guard::~_char_traitsstd::bad_exception::~bad_exception
                                      • String ID: ":"
                                      • API String ID: 1492957392-876729345
                                      • Opcode ID: a2c9e8d2e1ab1624d62867d323e3fe2fe7b8fa60bead2f5c7fb2990c6c0aa1cc
                                      • Instruction ID: 9de2830eaefd60a0a18da050e36c7396c0a519eec83821bb1843c4305bcda64b
                                      • Opcode Fuzzy Hash: a2c9e8d2e1ab1624d62867d323e3fe2fe7b8fa60bead2f5c7fb2990c6c0aa1cc
                                      • Instruction Fuzzy Hash: B3B1FD3262CAC995DAA0EB11E4913FBA361F7C4784F940132E68D97BA9DF3CD505CB50

                                      Control-flow Graph

                                      APIs
                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF753414992
                                      • type_info::_name_internal_method.LIBCMTD ref: 00007FF753414A02
                                      • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00007FF753414BC3
                                        • Part of subcall function 00007FF75340EA70: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75340EA8D
                                        • Part of subcall function 00007FF75340EA70: _Max_value.LIBCPMTD ref: 00007FF75340EAB2
                                        • Part of subcall function 00007FF75340EA70: _Min_value.LIBCPMTD ref: 00007FF75340EAE0
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::cancellation_token_source::~cancellation_token_sourceMax_valueMin_valuetype_info::_name_internal_method
                                      • String ID:
                                      • API String ID: 3983101109-0
                                      • Opcode ID: c34f6d7c5871016efe4de15f7f62fb95e0d1f992d2c0f104e0e3fff2014ef01a
                                      • Instruction ID: 26a083b9863d862ba39539008da988e849f7bc7573bac615984074411bc2cda5
                                      • Opcode Fuzzy Hash: c34f6d7c5871016efe4de15f7f62fb95e0d1f992d2c0f104e0e3fff2014ef01a
                                      • Instruction Fuzzy Hash: D161E936619B8581DAA0EB15F49036EB7A1FBC8B84F540126EACD9BB79DF3CD110CB50

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo$_local_unwind
                                      • String ID:
                                      • API String ID: 1677304287-0
                                      • Opcode ID: 379a8ef9680f4db997b5fdc228e7e6be9735ec10eb45dce1d200f6dcd518e402
                                      • Instruction ID: 80eac41ab2db46254f712e8ad42af9296078ee9481bafa1138240b12a6f3457e
                                      • Opcode Fuzzy Hash: 379a8ef9680f4db997b5fdc228e7e6be9735ec10eb45dce1d200f6dcd518e402
                                      • Instruction Fuzzy Hash: 7D217171A38A4641EA90FB14D4509B9B392AB95B94FD80131F60DE72F1EF3EE9558320

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Process$CurrentExitTerminate
                                      • String ID:
                                      • API String ID: 1703294689-0
                                      • Opcode ID: 805f7e5da05486c68da82fadc91d045df99017f4e7d0db7bc3e8a6231bdccf36
                                      • Instruction ID: 1709867687b5a63daf11447ab3682bb91bd7f72db79096f88d37343ef3692a05
                                      • Opcode Fuzzy Hash: 805f7e5da05486c68da82fadc91d045df99017f4e7d0db7bc3e8a6231bdccf36
                                      • Instruction Fuzzy Hash: 2BD01210F2520A42FE947B701C4503992535F48750F481838C41BE33A3CD3DD4894620

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                      • String ID:
                                      • API String ID: 1236291503-0
                                      • Opcode ID: 2e6a887dc2c6b84d52aba5a6f7d20f78f4760ffeb43616599e4e489c61ca6810
                                      • Instruction ID: c73c7e5abe3896e921d4442795ed1f025e8b524cb5eae31823766f99410d99f6
                                      • Opcode Fuzzy Hash: 2e6a887dc2c6b84d52aba5a6f7d20f78f4760ffeb43616599e4e489c61ca6810
                                      • Instruction Fuzzy Hash: 48313721E2C14242FAD0BB219411BBA9293AF45784FCC0535FA4DFB6B7CE3EA945C670

                                      Control-flow Graph

                                      APIs
                                      • shared_ptr.LIBCMTD ref: 00007FF7534149ED
                                      • type_info::_name_internal_method.LIBCMTD ref: 00007FF753414A02
                                      • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00007FF753414BC3
                                        • Part of subcall function 00007FF75340EA70: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75340EA8D
                                        • Part of subcall function 00007FF75340EA70: _Max_value.LIBCPMTD ref: 00007FF75340EAB2
                                        • Part of subcall function 00007FF75340EA70: _Min_value.LIBCPMTD ref: 00007FF75340EAE0
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceConcurrency::details::EmptyMax_valueMin_valueQueue::StructuredWorkshared_ptrtype_info::_name_internal_method
                                      • String ID:
                                      • API String ID: 3860581721-0
                                      • Opcode ID: 1fcc95c61926d03d5e23181a550c17bae6879054b5e096f15e196e626bf3d251
                                      • Instruction ID: 424a4a19c8852c6ccddc4a68caf126fd76cdea997ca50f7fe68e6cea8abe9ab7
                                      • Opcode Fuzzy Hash: 1fcc95c61926d03d5e23181a550c17bae6879054b5e096f15e196e626bf3d251
                                      • Instruction Fuzzy Hash: 7041DA26619F8581DAA0EB06E49017EB7B1FBC8B84F540132EACD9BB69DF3CD5508B50

                                      Control-flow Graph

                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                      • String ID:
                                      • API String ID: 1173176844-0
                                      • Opcode ID: 71235e2081402fb4a7a5c40b4d61ea796546568c6d51d2f8416f723c38a34009
                                      • Instruction ID: 0cfa4a8c2a8ea41bb1d7f30d49639afa2c1fb28df7afd3349760abe7e3306e43
                                      • Opcode Fuzzy Hash: 71235e2081402fb4a7a5c40b4d61ea796546568c6d51d2f8416f723c38a34009
                                      • Instruction Fuzzy Hash: CCE0B641E3D10B43F9D831A219469B591461F29771E9C1734F93DF42E3AD7FA4919130
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: CloseErrorHandleLast
                                      • String ID:
                                      • API String ID: 918212764-0
                                      • Opcode ID: a6003ba32a8186788e2e76adde2495367e107fa800c3e363c5c800129851953f
                                      • Instruction ID: 290042fb41e00718c7c17b5ce18c2f722d0e6b23f4a6c66531bc56ca33e0f9e9
                                      • Opcode Fuzzy Hash: a6003ba32a8186788e2e76adde2495367e107fa800c3e363c5c800129851953f
                                      • Instruction Fuzzy Hash: BB218021F2864741EBD477659490279B6835F44BE0F9C4239DA2EE73F2CE7CA8C18620
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: 683f05476d112e629859fd588a9e4ca650becbbc2cac189e4f2b608c5fcd54dc
                                      • Instruction ID: 3699568a7cb7c24c565e77e9947955cd0512fe3e3afcfe2b5886029ce52da33f
                                      • Opcode Fuzzy Hash: 683f05476d112e629859fd588a9e4ca650becbbc2cac189e4f2b608c5fcd54dc
                                      • Instruction Fuzzy Hash: 1D41B83192920983EAB8AA15D44017AF7A2EB45794F980131D6C9E77F1CF7CE482C761
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: type_info::_name_internal_method
                                      • String ID:
                                      • API String ID: 3713626258-0
                                      • Opcode ID: 0e3354106cd41f819fb510c42553e415a5b02fe97fb1cdf90001a20b1b7738da
                                      • Instruction ID: 54b6d83cc30ca1e48c9666a1026ce3d6dea5bab026f4498b8ae3e3363b87edcc
                                      • Opcode Fuzzy Hash: 0e3354106cd41f819fb510c42553e415a5b02fe97fb1cdf90001a20b1b7738da
                                      • Instruction Fuzzy Hash: 1531002262CAC582DAA0E711F4503BBB3A2F7D4780F944032EA8D97BA9DF7CD545CB50
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: d2ec946fb42872e1783b813b1c81cb5fa977d08e87173568621891c7c9af95a2
                                      • Instruction ID: e11ef0fc80fb4a7ecbef56ba6cdcdfdce5e9bb546e7ba6d1c402a9a9e25c2257
                                      • Opcode Fuzzy Hash: d2ec946fb42872e1783b813b1c81cb5fa977d08e87173568621891c7c9af95a2
                                      • Instruction Fuzzy Hash: 98317422A28A0945F7917B54884177DF692AF80BE0FD94135E91DA33F2CE7CA485C731
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • Associated: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581207483.00007FF753448000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581225051.00007FF75345A000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75345E000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753476000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75347D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753481000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75348D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753497000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF7534B2000.00000080.00000001.01000000.00000003.sdmp
                                      Yara matches
                                      Similarity
                                      • API ID: HandleModule$AddressFreeLibraryProc
                                      • String ID:
                                      • API String ID: 3947729631-0
                                      • Opcode ID: 28822b2f1297c55bd13ebbee7af59e7e7cf652f7f9eee8e0356a685a76d09ac0
                                      • Instruction ID: 10d8dad42a5a56d565493bf2e5dc7b36f1429e024b50d1cf04e9bf7fa6aa3f3f
                                      • Opcode Fuzzy Hash: 28822b2f1297c55bd13ebbee7af59e7e7cf652f7f9eee8e0356a685a76d09ac0
                                      • Instruction Fuzzy Hash: 1521D132E2474689EF90AF68D4402FC72B1EB04358F884635D61DA3AE6DF3CC484CB60
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: 92360e8e37b64255f81e6ce30c29bccdda46d603e112f6409685e55855dbc51d
                                      • Instruction ID: d64c91b49bb356d8e8edbf682a74e0ddac3ecb1a8070939f1e3e9dbb5a024f68
                                      • Opcode Fuzzy Hash: 92360e8e37b64255f81e6ce30c29bccdda46d603e112f6409685e55855dbc51d
                                      • Instruction Fuzzy Hash: 1021AA32E28A8147E7A1AF14D440379B6A1FB84B94F9C4234E65DD76F5DF3DD4008710
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: 2f61b2c1a702c32a26985ab2dfafe1d5e7b72be3c317d0a8bf80e6a889967ea0
                                      • Instruction ID: 01b4a88d75fa584b2f39f7c56dcab05f7cad026bbe96d447b934854f1c1bc18d
                                      • Opcode Fuzzy Hash: 2f61b2c1a702c32a26985ab2dfafe1d5e7b72be3c317d0a8bf80e6a889967ea0
                                      • Instruction Fuzzy Hash: 3B11452192C58585FA91BB51D400779E2A2AF94780F9C8430FE8CB76A6DF3ED88087A0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: 5b0681cfbd9ceaf48e6609592fa152239800e78622760aad864f421c0f6a1f8a
                                      • Instruction ID: d69694f1bab77a9a13aef5be26d097a86875d286df0de57328c40c35bcfe5a5c
                                      • Opcode Fuzzy Hash: 5b0681cfbd9ceaf48e6609592fa152239800e78622760aad864f421c0f6a1f8a
                                      • Instruction Fuzzy Hash: 7F11637292964682F390BB149440579F3A6EF41780FDE0035EA5DF76B1DF3CE8918B20
                                      APIs
                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF753402133
                                        • Part of subcall function 00007FF753404940: stdext::threads::lock_error::lock_error.LIBCPMTD ref: 00007FF753404949
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::cancel_current_taskstdext::threads::lock_error::lock_error
                                      • String ID:
                                      • API String ID: 2103942186-0
                                      • Opcode ID: e2bf2658912916350abcef9c02780e4a4208e617ec02d41832e8a73208af2150
                                      • Instruction ID: abac4682508c3e65b78d9182683a46968f5889679cc65d9e7b912f83c77787d8
                                      • Opcode Fuzzy Hash: e2bf2658912916350abcef9c02780e4a4208e617ec02d41832e8a73208af2150
                                      • Instruction Fuzzy Hash: BB011661728F4682DAA0AB19E44172AE395FB84798F440231F6DD9E7F5DF3CD1518B10
                                      APIs
                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF753416B1D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                      • String ID:
                                      • API String ID: 1865873047-0
                                      • Opcode ID: 611c18d68977e5a09558bdddee32898e473d5f62140ac1f9ff9037e49b09babd
                                      • Instruction ID: 5d942423677efa34e570a79d6b8bc171969bd48b3cf965d579a43da4e32f68e1
                                      • Opcode Fuzzy Hash: 611c18d68977e5a09558bdddee32898e473d5f62140ac1f9ff9037e49b09babd
                                      • Instruction Fuzzy Hash: 3E017276618B8486CB10DF1AE49122EBB71F7C9B84F608026EB8D97B28CF39C411CB40
                                      APIs
                                      • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF753422A9C
                                        • Part of subcall function 00007FF7534247B8: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7534247C0
                                        • Part of subcall function 00007FF7534247B8: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7534247C5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                      • String ID:
                                      • API String ID: 1208906642-0
                                      • Opcode ID: d9d37c46fc99c667aee7cf193a4fed1cb62955a0ba5928865b2218cf4f42ad19
                                      • Instruction ID: 7924d6ea86e3e3c3043c3aa5a1443caeeffe3364e535dfe9f255cf1f11120797
                                      • Opcode Fuzzy Hash: d9d37c46fc99c667aee7cf193a4fed1cb62955a0ba5928865b2218cf4f42ad19
                                      • Instruction Fuzzy Hash: 8BE0B650D3D64352FEF83A611542AB8A6829F62344FCE5878F80DF26F38E3F24965231
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: std::bad_exception::~bad_exception
                                      • String ID:
                                      • API String ID: 2813134625-0
                                      • Opcode ID: 897763a0ac80660d7e1beeab6dc178adebf6cef3b3dd15fe8cd8174e63a223e8
                                      • Instruction ID: 308ccfd99f98537e11899c765b6ab990498aa31bc27b908403915f4f3f360334
                                      • Opcode Fuzzy Hash: 897763a0ac80660d7e1beeab6dc178adebf6cef3b3dd15fe8cd8174e63a223e8
                                      • Instruction Fuzzy Hash: 12D0C952F39B4682DE85B756F49632BB361EF81784FA41034EA4D17766DE3CC0614B84
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: allocator
                                      • String ID:
                                      • API String ID: 3447690668-0
                                      • Opcode ID: c12c0898f5c9c583c80567ee7ceb56812b6f80b2808d585367ba189c807a88eb
                                      • Instruction ID: ece99ec2a47165b6cb461b8bbc0a73f28969c2adcf28e309cd22fe2428f82f6f
                                      • Opcode Fuzzy Hash: c12c0898f5c9c583c80567ee7ceb56812b6f80b2808d585367ba189c807a88eb
                                      • Instruction Fuzzy Hash: D3C0C96AA29B8481CA44EB12F48101AB360F7C8BC0F809421EA8E47729CF38C1608B00
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocHeap
                                      • String ID:
                                      • API String ID: 4292702814-0
                                      • Opcode ID: a969cec3d8f540636f289e0ce87cbcda7e1fd233cac5d3f4ebfd3518928edc1d
                                      • Instruction ID: 9101ac66602b66bc3619a80f558ab483e17a4459e5b2c408f95efb7d560b84a2
                                      • Opcode Fuzzy Hash: a969cec3d8f540636f289e0ce87cbcda7e1fd233cac5d3f4ebfd3518928edc1d
                                      • Instruction Fuzzy Hash: A8F03C04B2960A41FED4B66199412F9D2A25F847C0F8C4834C90EE77B1DE3DE5D18232
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocHeap
                                      • String ID:
                                      • API String ID: 4292702814-0
                                      • Opcode ID: 8d0cc0b76fb035bcb1cccbb9f7accbc3196c7a493e63a3dd48a8b126b39fb363
                                      • Instruction ID: a7bc500c75f65f7ffa6610d89bbfc21c25fb63a4b099d80d690edb6d61bdd2b0
                                      • Opcode Fuzzy Hash: 8d0cc0b76fb035bcb1cccbb9f7accbc3196c7a493e63a3dd48a8b126b39fb363
                                      • Instruction Fuzzy Hash: F9F03A01F2960A44FED47A6258456B991834F947E1F8C4630DC3EE73E2DE7CA4D08530
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: shared_ptr$Handle$Module$CreateInformationPipe
                                      • String ID: 0$@$@$h
                                      • API String ID: 4142502706-478861344
                                      • Opcode ID: 3dc33dd1ce629943859f027d54a3acdecaba9ff90cd2508b13fc87927d6096d5
                                      • Instruction ID: b7822b4f8087484de1566f5ccdbbce8241a81ef04cfb35f4a802605022088b2d
                                      • Opcode Fuzzy Hash: 3dc33dd1ce629943859f027d54a3acdecaba9ff90cd2508b13fc87927d6096d5
                                      • Instruction Fuzzy Hash: 1C42F632A19BC585EAB0AB15E4943AFB3A1FBC4780F940235DA8D97B69DF7CD044CB50
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                      • API String ID: 3215553584-2761157908
                                      • Opcode ID: d1b1d316c7d63baa5719b810725ba56bfac2df69492eee514353a4d9222ebbbe
                                      • Instruction ID: 7d6f82575dd0b8c4c35476443a355cb08393ca787410b747d07e2201073ed56a
                                      • Opcode Fuzzy Hash: d1b1d316c7d63baa5719b810725ba56bfac2df69492eee514353a4d9222ebbbe
                                      • Instruction Fuzzy Hash: 3FB2F772E282828BF7A49F64D4407FDF7A2FB44388F985135DA09B7A94DB3CA550CB50
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: ErrorLastNameTranslate$CodePageValidValue
                                      • String ID: utf8
                                      • API String ID: 1791977518-905460609
                                      • Opcode ID: 7c86c5a18fa38c9e89ece88ddbb9031dbd845bed61d7b36559ded9ac8798464f
                                      • Instruction ID: c858a2dac8325a215310a0b6fc5f68edbd8dfcabe4f642a6b9a50de72a646201
                                      • Opcode Fuzzy Hash: 7c86c5a18fa38c9e89ece88ddbb9031dbd845bed61d7b36559ded9ac8798464f
                                      • Instruction Fuzzy Hash: F4918132A2974A85FBA4BB11D4012B9A396FB44BC0F8C8131DA4DA77A5DF3DE5D1C320
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                      • String ID:
                                      • API String ID: 2591520935-0
                                      • Opcode ID: 6ed244a4ba8366acacedef966ff9cf4d399a4916dc7e19cbbffeb71e981481e2
                                      • Instruction ID: 29c0a3924667cffee03829a05da240a94e4910de4e053e7cf4d3abdc3714e88f
                                      • Opcode Fuzzy Hash: 6ed244a4ba8366acacedef966ff9cf4d399a4916dc7e19cbbffeb71e981481e2
                                      • Instruction Fuzzy Hash: 0C716062F2864685FBD0AF61D4506BDA3A2BF44784F984435CA1DA36B5EF3CE485C370
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                      • String ID:
                                      • API String ID: 3140674995-0
                                      • Opcode ID: bc7d5fbd03382a3c76721115f1bf123c4072c0a7290c447282ebd3d2c2967695
                                      • Instruction ID: 80fc9291fd6cf61505f65f2dccde146ab6232e9923a88b9ea06562fdb05d9be5
                                      • Opcode Fuzzy Hash: bc7d5fbd03382a3c76721115f1bf123c4072c0a7290c447282ebd3d2c2967695
                                      • Instruction Fuzzy Hash: 5C317272A15B8185FBA09F64E8407FAB371FB44744F84443ADA4D937A4DF38D1088720
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                      • String ID:
                                      • API String ID: 1239891234-0
                                      • Opcode ID: af21edd6b8c20b88d944850d52ac11f0f599f654a7bac35e166bf8e8f55ebbeb
                                      • Instruction ID: 7ebd5b6ffea3a70d0b37d38df354e172652340896fef866410621aa3b71e1919
                                      • Opcode Fuzzy Hash: af21edd6b8c20b88d944850d52ac11f0f599f654a7bac35e166bf8e8f55ebbeb
                                      • Instruction Fuzzy Hash: 7431B632A18B8185EBA0DF24E8406BEB7A1FB84754F840536EA9D93B65DF3CC155CB10
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 2227656907-0
                                      • Opcode ID: 1d674cf1d2331ab87749d657d271b4e499266cb0d8322b637f52b1bdcb2f4a25
                                      • Instruction ID: b2c57f57119b8fb87525e6079e8330500e267f9293c6e4a7708044c12501a39c
                                      • Opcode Fuzzy Hash: 1d674cf1d2331ab87749d657d271b4e499266cb0d8322b637f52b1bdcb2f4a25
                                      • Instruction Fuzzy Hash: F6B1D921B2869A41EAE0AB21A5107BDE352EF54BD4FCC4131ED5DA7BE5DE7CE481C310
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 1791019856-0
                                      • Opcode ID: 6ef6c2d8225f077500cb18349ce4ea18f769334c5fc5d2fdbab956e2ab7995c1
                                      • Instruction ID: 9304d7a0cc1b50120584cd45a8167b6c0cb0c529d392aadb255c69dec13ed9ee
                                      • Opcode Fuzzy Hash: 6ef6c2d8225f077500cb18349ce4ea18f769334c5fc5d2fdbab956e2ab7995c1
                                      • Instruction Fuzzy Hash: 4461C532A2950686EBB4AF15D4401BDB3A2FB847C0F888135DB5DE36A5DF7CE591C720
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: InfoLocale
                                      • String ID: GetLocaleInfoEx
                                      • API String ID: 2299586839-2904428671
                                      • Opcode ID: b99d39dfe22500fecb77443893c230a32ee7fd748ffca56ed5f05bd6d81a9c53
                                      • Instruction ID: f86e04653f9299214783731f558ba65f3341f035f2dff0bc2b88b0670f0c2928
                                      • Opcode Fuzzy Hash: b99d39dfe22500fecb77443893c230a32ee7fd748ffca56ed5f05bd6d81a9c53
                                      • Instruction Fuzzy Hash: 16014F21F18B8185EB84AB56A8440BAE762AF99BD0F9C8035DE4DA3B76CE3CD541C750
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: ExceptionRaise_clrfp
                                      • String ID:
                                      • API String ID: 15204871-0
                                      • Opcode ID: 2f7557adc44101535d0d995887868617555bbc285b5dff67e5fdec9404e9a523
                                      • Instruction ID: 75862e8f9643e9a42a8977e4ff91ac18a4ca9ddfa80df502515132abfeced0dd
                                      • Opcode Fuzzy Hash: 2f7557adc44101535d0d995887868617555bbc285b5dff67e5fdec9404e9a523
                                      • Instruction Fuzzy Hash: 94B17973610B888BEB55DF2DC88626CB7A1F744B88F588821DA5D977B4CB3DD891C710
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID:
                                      • String ID: e+000$gfff
                                      • API String ID: 0-3030954782
                                      • Opcode ID: 4f729fbe814a808c6d3700d66a7239e093d01df2a9ea8a2b0563f605d29b4df6
                                      • Instruction ID: 470e340fa31cfd5d0700a723c443319df47ad28e551d6f2566967a1860ac3f9e
                                      • Opcode Fuzzy Hash: 4f729fbe814a808c6d3700d66a7239e093d01df2a9ea8a2b0563f605d29b4df6
                                      • Instruction Fuzzy Hash: FD515B26F282C546E7A49A35A8017BDF792E744BD4F8C8231CA5C97BE5CF3DD4948710
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • API ID: Info
                                      • String ID:
                                      • API String ID: 1807457897-0
                                      • Opcode ID: a25ff495c4dfcdb6838b9b3440a62dee9ca60938cbe2a4b242e9c017c17c0642
                                      • Instruction ID: 31e76594d2fadf251bd2ec8c5420070a678cea5a7ffa8b2e0bc6b37060d6058e
                                      • Opcode Fuzzy Hash: a25ff495c4dfcdb6838b9b3440a62dee9ca60938cbe2a4b242e9c017c17c0642
                                      • Instruction Fuzzy Hash: 3A12B122A187C586E791DF2894007FDB3A5FB59748F499235EB8C936A2EF39E1D4C310
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • Associated: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581207483.00007FF753448000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581225051.00007FF75345A000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75345E000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753476000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75347D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753481000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75348D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753497000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF7534B2000.00000080.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 19043de96d6905db876ed3b88769c0aeb07462344d70e66884a2e59f6ef03601
                                      • Instruction ID: 8627da4f109f40b7ff407d7e93a28b45e2daff69c0e2cf5bd505a2bfb051170a
                                      • Opcode Fuzzy Hash: 19043de96d6905db876ed3b88769c0aeb07462344d70e66884a2e59f6ef03601
                                      • Instruction Fuzzy Hash: B5E19F32A18B8586E750EB61E4406FE67A5FB557C8F854631DE5DA3BA2EF3CD284C300
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: _get_daylight_invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 474895018-0
                                      • Opcode ID: ace18cf2dfd42b0becfd1fc7ed77fc20b0b66a06383a18c0803bbb9c16c17d81
                                      • Instruction ID: 0fe56c5a0bee30b243d12278f89c89e33acf6d6805acb7b7725f6169bc87f370
                                      • Opcode Fuzzy Hash: ace18cf2dfd42b0becfd1fc7ed77fc20b0b66a06383a18c0803bbb9c16c17d81
                                      • Instruction Fuzzy Hash: 8961D662F2C55646FBF1AA248440779E6939F40760FAC4235DA1EE36E1EF7DE8418720
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 3a1792d1c97d81cbe1009c9d18b329495934bd48f64e0711d201167b6926c652
                                      • Instruction ID: 305c0b2f2c42d0d53eb2495d86a930cb7e10a08e9e69bc2bb5f18e4d109bf99f
                                      • Opcode Fuzzy Hash: 3a1792d1c97d81cbe1009c9d18b329495934bd48f64e0711d201167b6926c652
                                      • Instruction Fuzzy Hash: 0DC10772B2968687E760DF15E044A79F792FB84784F88C134EB4AA3B54DB3DE845CB00
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorLastValue$InfoLocale
                                      • String ID:
                                      • API String ID: 673564084-0
                                      • Opcode ID: 95c046a2f124769f723b51b33c5eee0314e1dd4928d8a8d59200bd3943f5d404
                                      • Instruction ID: 585a3e97f7617845498de9dff65bb5e8dc70cbfa4a8967c9e45150402f2b9d75
                                      • Opcode Fuzzy Hash: 95c046a2f124769f723b51b33c5eee0314e1dd4928d8a8d59200bd3943f5d404
                                      • Instruction Fuzzy Hash: 4E31CC31A1864642EFA4EB21E4413BAB392FB447C4F888035DA4DD3765DF3CE8808760
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                      • String ID:
                                      • API String ID: 3029459697-0
                                      • Opcode ID: 1e8129ada8842f74aeba964a2900293930436a87a8b1282c94db608e6d8eab42
                                      • Instruction ID: 5c9bfa74c75aa2056997129b8de76e95b04b9511420c23b9f405afa595ea6fca
                                      • Opcode Fuzzy Hash: 1e8129ada8842f74aeba964a2900293930436a87a8b1282c94db608e6d8eab42
                                      • Instruction Fuzzy Hash: 9511EB63E1964AC9EB959F15D0406B8BBA2F740BE0F888135C669933E4DF3CD5D1C750
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorLast$InfoLocaleValue
                                      • String ID:
                                      • API String ID: 3796814847-0
                                      • Opcode ID: 084a5b736d7110f55487607e9f538d758b9025eb5a5f68acadd82df9841dd062
                                      • Instruction ID: 5f5c4c2a17fe74024769d16054d6efc2df64225c143ccbee973a5e8778b92254
                                      • Opcode Fuzzy Hash: 084a5b736d7110f55487607e9f538d758b9025eb5a5f68acadd82df9841dd062
                                      • Instruction Fuzzy Hash: 0C110D22A3C55A82EBE46B22904067EA262EF447A4F984135D639976D4DE3DD4C18361
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                      • String ID:
                                      • API String ID: 3029459697-0
                                      • Opcode ID: 14235f4dc4d4e39128d165c21361c9cccd6ac589d59b89bc15f91e4a4f137db0
                                      • Instruction ID: ac24b84f50217e187d0c0abbac613d665a750b39a1827e8500ac6aa0b058e50f
                                      • Opcode Fuzzy Hash: 14235f4dc4d4e39128d165c21361c9cccd6ac589d59b89bc15f91e4a4f137db0
                                      • Instruction Fuzzy Hash: 6F01F963E1924986E7906F15E4417B9B693EB40BE0F88C231C268A72E4DF3C94C1C710
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: EnumLocalesSystem
                                      • String ID:
                                      • API String ID: 2099609381-0
                                      • Opcode ID: c7c85a2a688de245da6e76b3ebd830f9aac738b7c38fc8bc3ede522a580c848c
                                      • Instruction ID: 9c9c9e792e6f6c3f342fa43c10fd79fa64e87a15716d812347fd9de62ec98e0f
                                      • Opcode Fuzzy Hash: c7c85a2a688de245da6e76b3ebd830f9aac738b7c38fc8bc3ede522a580c848c
                                      • Instruction Fuzzy Hash: 0DF06D71B18A4183E744EB15E8405B5A362FB9A780F884036EE5DE3375DF3CD591C700
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID: gfffffff
                                      • API String ID: 0-1523873471
                                      • Opcode ID: be7096f5a606f76a6771b740be8cdcae4c57a707b15478aa67a5ba0368dbfe8b
                                      • Instruction ID: 4e6965db1f506ad61b1670d662f31dbc52005002f3a79eca8d88ae1e6db18a9d
                                      • Opcode Fuzzy Hash: be7096f5a606f76a6771b740be8cdcae4c57a707b15478aa67a5ba0368dbfe8b
                                      • Instruction Fuzzy Hash: 2CA16562B183C986EBA1DB25A0007BEB792EB607C4F888131DF4D977A5DE3CE451C711
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 79e2cab586e4c2993d2c3a949ef928bbb5d9c59f4b81ee4073023cb808780873
                                      • Instruction ID: 34ccb1317ced8835a5f0c5ee36e4c9d533414edfa8bbf9d9e12ba137bd3a0b5f
                                      • Opcode Fuzzy Hash: 79e2cab586e4c2993d2c3a949ef928bbb5d9c59f4b81ee4073023cb808780873
                                      • Instruction Fuzzy Hash: 5CB1C57292874585E7A59F39C05063CBBA2EB45B48FAC0135EE4DB73A5CF3AD442C724
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 916656526-0
                                      • Opcode ID: 67fbf7a1b4edfda4e738251929cd6d38e51c368d3975de516401ba3e516baaad
                                      • Instruction ID: 6e3d1fc92519ba8dce57c15c8e854b2365c9327ee399c6b8a589ae6935f1699b
                                      • Opcode Fuzzy Hash: 67fbf7a1b4edfda4e738251929cd6d38e51c368d3975de516401ba3e516baaad
                                      • Instruction Fuzzy Hash: EC41A621B2928B42FAE07E1664517BEE292BF857C0FCC4535DE9DA77E1DE3CE4508620
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: HeapProcess
                                      • String ID:
                                      • API String ID: 54951025-0
                                      • Opcode ID: 4e1636a7a98a6cbf7015fbab7de8913d4fb138f05e15e607ef45171592ab0329
                                      • Instruction ID: 05454acc053ed2f68f85dc03835f08d729b1b5e56d8b04dcbf705cbcf97817ab
                                      • Opcode Fuzzy Hash: 4e1636a7a98a6cbf7015fbab7de8913d4fb138f05e15e607ef45171592ab0329
                                      • Instruction Fuzzy Hash: 83B09220E27A02C6EA883B156C82224A2A67F89701FD84039C40CE2330EE3C20E68722
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cf08acf640969b7ff988e3532301085401eb69546b195d396d01c0fb4031a570
                                      • Instruction ID: 8d6765b9c75de4869744ad624717cdeb85feb09943ca0b806a059c25ef314b13
                                      • Opcode Fuzzy Hash: cf08acf640969b7ff988e3532301085401eb69546b195d396d01c0fb4031a570
                                      • Instruction Fuzzy Hash: CCD1F83292874685E7A4AF258044A7DA7A2FF05B48F9C0135EE4DB77E5CF3AE441C360
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 4023145424-0
                                      • Opcode ID: bad834fa7033435461aa9ae9fcc604ee2cc3478a338f7fb2c03d6b6bd22017ed
                                      • Instruction ID: 34b1094b0b4fd6b91daf60e9821839a644b7283bfb9105eba18cf7738b79ad67
                                      • Opcode Fuzzy Hash: bad834fa7033435461aa9ae9fcc604ee2cc3478a338f7fb2c03d6b6bd22017ed
                                      • Instruction Fuzzy Hash: 06C1EA25B2878945FFA0AB1194103BAA7A2FB547C8FC84131DE4EE76A5DF3CD585C710
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorLastValue$InfoLocale
                                      • String ID:
                                      • API String ID: 673564084-0
                                      • Opcode ID: bcaa894cef6d7f8755ec96535badfa519daeece5386bc808f4b318bec0f58ccd
                                      • Instruction ID: caecedfa48d012621b86bb21e4f4b1628c9566d09f99fa9ebae12a2b84f27ea9
                                      • Opcode Fuzzy Hash: bcaa894cef6d7f8755ec96535badfa519daeece5386bc808f4b318bec0f58ccd
                                      • Instruction Fuzzy Hash: 3EB10833A2964A82EB94BF21D4116B973A2EB50BC8FC88131DA59D36E5DF3CD5C1C750
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID:
                                      • API String ID: 3215553584-0
                                      • Opcode ID: 7b9fc8b10c917bfd113bde9fa4b1df0f87988033d69ef07c8c357ad8e24154c3
                                      • Instruction ID: 361fd84319cb338dfb4ab95cd505b8bd830469575dfa1695cd4384f9daa40b51
                                      • Opcode Fuzzy Hash: 7b9fc8b10c917bfd113bde9fa4b1df0f87988033d69ef07c8c357ad8e24154c3
                                      • Instruction Fuzzy Hash: 6A81B472A24A4182EBA0AF25C4917BD6361FB45BD8F984636EE2DA77A4CF3DD051C310
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d914e258db946bdbc7807e15dbf9236f609e7f10566ff3b81294f84673096dd3
                                      • Instruction ID: 210e36f7761f97efdd6f6e062f152a158301b397deb3341413829d25b99dcb00
                                      • Opcode Fuzzy Hash: d914e258db946bdbc7807e15dbf9236f609e7f10566ff3b81294f84673096dd3
                                      • Instruction Fuzzy Hash: 40713672A2C38546E7B0DF2990413BEB692FB457D4F984235DA8D93BA8CF3DD0908B10
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                      • Instruction ID: a91dae163846c0329dff14fcfcc2ef57996826b78fa707ada5ec3bce74e9e7bb
                                      • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                      • Instruction Fuzzy Hash: AF418952C39A8A04EAD999180500FF49682DF137A1EDC5274FDD9B33F7CD2F6586C221
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 292a92deed6da6b0d430287a36eb10eb671b938e641cc45835d616c3adeb93cf
                                      • Instruction ID: a703c347d02259712c4cc7847be85436b09d8f48c00a807db46d0655a0973e27
                                      • Opcode Fuzzy Hash: 292a92deed6da6b0d430287a36eb10eb671b938e641cc45835d616c3adeb93cf
                                      • Instruction Fuzzy Hash: 9551D772A2851186E7A89F24C15463CA772EB54B58F580135EF4DB73A5CF3AEC81C750
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 89453da1624fdeb3a7d491c54c84d4d13e7edd11eeb928a49f97c81e7c34fe40
                                      • Instruction ID: 8b28d95bb7f8a95b6a3ca4addee4521b5fe9bc10e822de64ef064900ba96edb2
                                      • Opcode Fuzzy Hash: 89453da1624fdeb3a7d491c54c84d4d13e7edd11eeb928a49f97c81e7c34fe40
                                      • Instruction Fuzzy Hash: C451D873A2861182E7989F24C144B3CA7A2EB55B58F580135EE0DB73A4CF3BEC51C760
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7698aa3ecd1c400fb9444a6710bc1036fac142269dd508226f64b502381e36c1
                                      • Instruction ID: 985b01c041c3037b9f2633a83de141c31eed1c80ba5b8de2497da1c608c885b2
                                      • Opcode Fuzzy Hash: 7698aa3ecd1c400fb9444a6710bc1036fac142269dd508226f64b502381e36c1
                                      • Instruction Fuzzy Hash: 4751C632A2894186E3A85E28C15473DB7B2EB41B58F590135EF49B77B4CF3AEC81C750
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 485612231-0
                                      • Opcode ID: d6a335f65fdf1d2ce13d3de28d0c68d8dbb5248b17c55c370b436a13f0dc505d
                                      • Instruction ID: 9f0714b70dd8d0b9552a176a6f64ec55db890b01b60dc8713bc297c38186a230
                                      • Opcode Fuzzy Hash: d6a335f65fdf1d2ce13d3de28d0c68d8dbb5248b17c55c370b436a13f0dc505d
                                      • Instruction Fuzzy Hash: 3141B522724A5942EB44DF2AD9545B9B3A2B748FD4B8D9037EE0DD7B65EF3CD0468300
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d15ad00c4257fcaf11cb672f48ae07a73438ccae086986224270c6c2f0d31193
                                      • Instruction ID: b19e2edfc5f26606a746f68aca9f4114772bea43d0a5aa450ef32edd77869d3c
                                      • Opcode Fuzzy Hash: d15ad00c4257fcaf11cb672f48ae07a73438ccae086986224270c6c2f0d31193
                                      • Instruction Fuzzy Hash: 56F06871F292958AEBD49F28B842639B7D5EB09381F94803AD98EC3B24D63C9060CF14
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • Associated: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581207483.00007FF753448000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581225051.00007FF75345A000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75345E000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753476000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75347D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753481000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75348D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753497000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF7534B2000.00000080.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: adc10fbe8798fb59309d57a6787c02a182fc690dc3e5826287b1290d777d3291
                                      • Instruction ID: eb499577a81e7818cabcb8d26cd0ffa23d430434cd6b9e3c34ea65c1c4454f5d
                                      • Opcode Fuzzy Hash: adc10fbe8798fb59309d57a6787c02a182fc690dc3e5826287b1290d777d3291
                                      • Instruction Fuzzy Hash: 30D02343D1D3C10AF3834D30186145D1F56CD939043CE407CD5C0F3187584E4C058320
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1de87e3e34c33e72a16eb783b4f14fec50c3b576c7d1fdbab37dfc09725e0262
                                      • Instruction ID: 292c57a440e175c9e45db2133cd9892829d206cde9e6409701e8877cf6562b5d
                                      • Opcode Fuzzy Hash: 1de87e3e34c33e72a16eb783b4f14fec50c3b576c7d1fdbab37dfc09725e0262
                                      • Instruction Fuzzy Hash: 86C08CC3CA8FF302F7A0693C088607F9F86EB496246DC02B4D1E9E10F29816E1038290
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 77615a16d430835b4b41b9750eac3c3890e168d730a7282e926c3c4cc3817cb6
                                      • Instruction ID: 785131062663f108a037d48f1d925a2c83d59b4a8456bf8598799bdb38d7fbc8
                                      • Opcode Fuzzy Hash: 77615a16d430835b4b41b9750eac3c3890e168d730a7282e926c3c4cc3817cb6
                                      • Instruction Fuzzy Hash: B7A0228B0080E003C3008020300038A0F00A382008E0F00880BC0020032008820B0000
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5456c1017e62d8a62d24bd00efd00e1bd566c7298f1a5c9df3ac67b34942d268
                                      • Instruction ID: 1e5fe235f4e7dce37c692c762f7cd0d9374d6e3f00cd63ce27c0307ae74c01e5
                                      • Opcode Fuzzy Hash: 5456c1017e62d8a62d24bd00efd00e1bd566c7298f1a5c9df3ac67b34942d268
                                      • Instruction Fuzzy Hash:
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                      • Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
                                      • Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                      • Instruction Fuzzy Hash:
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      • Associated: 00000000.00000002.1581188017.00007FF753447000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581207483.00007FF753448000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581225051.00007FF75345A000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75345E000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753476000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75347D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753481000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF75348D000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF753497000.00000080.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.1581239755.00007FF7534B2000.00000080.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b3db192ad28df1921f889eb498f655660a795dfdca0a96bff99240be06a5e18
                                      • Instruction ID: efebb948700a3a016a65702e9935506ebfef4d4777692391624a7d13b731b7ac
                                      • Opcode Fuzzy Hash: 5b3db192ad28df1921f889eb498f655660a795dfdca0a96bff99240be06a5e18
                                      • Instruction Fuzzy Hash: 78A00125A29806A0F684AB44A850431A632AB55700B880831D51DE14709F3DA4418620
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$AddressConcurrency::details::EmptyLibraryLoadProcQueue::StructuredWork$Char_traits
                                      • String ID: Error$Error
                                      • API String ID: 1088619557-1414458090
                                      • Opcode ID: 82648ac830d1d9b6d1d7d7083b9fe39b89b9208a4f7e25adcc80f3b089d49485
                                      • Instruction ID: ac4ba551cb887ee5601462c2c0632d02144b379640317963aad993d57316c110
                                      • Opcode Fuzzy Hash: 82648ac830d1d9b6d1d7d7083b9fe39b89b9208a4f7e25adcc80f3b089d49485
                                      • Instruction Fuzzy Hash: 35B1EA3262CA8181E6A0EB10E4557BFB3A1FBD4780F845131EACE9BA69DF3CD444CB10
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Mtx_guardMtx_guard::~_$AddressConcurrency::details::EmptyLibraryLoadProcQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                      • String ID:
                                      • API String ID: 4196786241-0
                                      • Opcode ID: e9ad259b537c548e1b28dc575317414879cf6be0ec15c57a7cb22f5c9e5ff8c3
                                      • Instruction ID: 491383db2c3b32653698ddcd8ad4f809fc973e5688f160277835a524c4a2c80d
                                      • Opcode Fuzzy Hash: e9ad259b537c548e1b28dc575317414879cf6be0ec15c57a7cb22f5c9e5ff8c3
                                      • Instruction Fuzzy Hash: 6851D43261CAC286E6A0EB10F4513ABB7A1FBC4740F904135EA8D97A69EF3DD444CB50
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Yarn$std::_$CriticalDeleteLocinfo::_Locinfo_ctorLockitLockit::_Section
                                      • String ID: bad locale name
                                      • API String ID: 3018498330-1405518554
                                      • Opcode ID: 6b0f15ac43aa29c1eb4fb70e677862f471569b8ac1faa40a450066484692c1ad
                                      • Instruction ID: 9ffd92d7588e3464be583deea5a4fbebf69db07e65df68d8830b3dd54b2c4f96
                                      • Opcode Fuzzy Hash: 6b0f15ac43aa29c1eb4fb70e677862f471569b8ac1faa40a450066484692c1ad
                                      • Instruction Fuzzy Hash: 2A118F21B2DB4682DE80F729E84563EA361FF83784F940031EA8CAB776CE3DD4418754
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID: 0$f$p$p
                                      • API String ID: 3215553584-1202675169
                                      • Opcode ID: c01ff25ef976d2608d663000c446833dc52e60a73f99a379ceeba36d23af179a
                                      • Instruction ID: 60d53b44499dbf4e1b82f3c20536aa4ed93743ce29291b219d4581d6a6eff180
                                      • Opcode Fuzzy Hash: c01ff25ef976d2608d663000c446833dc52e60a73f99a379ceeba36d23af179a
                                      • Instruction Fuzzy Hash: FF129D21E2824B87FBA47E14E05467AF693EB50794FDC4131E689A76E4DF3CE5C09B20
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                      • String ID: csm$csm$csm
                                      • API String ID: 849930591-393685449
                                      • Opcode ID: 8f9165bee47a4e5a7985950627b477a9b222ba1db336eb389443a6a0c7805d84
                                      • Instruction ID: 74072d6e21bbc3623272ea9be4ca871f2e3d9f6d239140134c798499e1b118e2
                                      • Opcode Fuzzy Hash: 8f9165bee47a4e5a7985950627b477a9b222ba1db336eb389443a6a0c7805d84
                                      • Instruction Fuzzy Hash: 4CD17232A28B8186EB90AB65D4407BDF7A2FB45798F880135EE4DB7765CF39E091C710
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: AddressFreeLibraryProc
                                      • String ID: api-ms-$ext-ms-
                                      • API String ID: 3013587201-537541572
                                      • Opcode ID: 4e1d86354c968156a5573e9694707905090416e508a715de02a69d2e40466b0d
                                      • Instruction ID: 0eb99faf4e12cba312d13cac5f9ef489ad38da98a9f969b421a375ab10531f8e
                                      • Opcode Fuzzy Hash: 4e1d86354c968156a5573e9694707905090416e508a715de02a69d2e40466b0d
                                      • Instruction Fuzzy Hash: 4041E261B29A4641FB95FB16A8401B6A393BF44BD0F8C4136DD1DEB7A4EE3CE081D320
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                      • String ID: api-ms-
                                      • API String ID: 2559590344-2084034818
                                      • Opcode ID: ef225a707232c945bfee98d404a2345ef9b47df5aa7d89395244b0452ee14f31
                                      • Instruction ID: 4de356b479d5bba73a95ee0dcc7c973338258fcd8fbfcefef0b9711e3ac80d77
                                      • Opcode Fuzzy Hash: ef225a707232c945bfee98d404a2345ef9b47df5aa7d89395244b0452ee14f31
                                      • Instruction Fuzzy Hash: 6931D821B2A74585FE91BB119400976AB96FF08B90F9D0534ED1DEA7A5DF3DE440C730
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Value$ErrorLast
                                      • String ID:
                                      • API String ID: 2506987500-0
                                      • Opcode ID: 26142693ff7bd2d0b4c9fa5088c4a4203113033ec432f2980f04e15aa1e29196
                                      • Instruction ID: 9432b48edfc377893ba160aeb33f923b18bf58c143c9fe31511d3d3015565657
                                      • Opcode Fuzzy Hash: 26142693ff7bd2d0b4c9fa5088c4a4203113033ec432f2980f04e15aa1e29196
                                      • Instruction Fuzzy Hash: 84218920F2D24A42FAD4B7A66546179D1935F447F0FDC4634E93EE7AF6DE3CA4818220
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: File$CloseCreateHandleRead
                                      • String ID:
                                      • API String ID: 1035965006-0
                                      • Opcode ID: 8ad354c7383f5966da00639940b7db79d96d0e9e6fb1be6b49cd06bf37bdbd42
                                      • Instruction ID: 96920045f96c660763fe793690af6f06151e7ffc89428c9ec7212c7d5f175de0
                                      • Opcode Fuzzy Hash: 8ad354c7383f5966da00639940b7db79d96d0e9e6fb1be6b49cd06bf37bdbd42
                                      • Instruction Fuzzy Hash: 43315D3292CA8182E750AB10F05437BF7A1FB85798FA40135E69D96AA8CF7DD045CF50
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                      • String ID: CONOUT$
                                      • API String ID: 3230265001-3130406586
                                      • Opcode ID: c66c71420981eb0cf56653e6daf67ef575ade1bc6bdc090c9c50093d86cfbd6f
                                      • Instruction ID: 5f2a7d7e6a5e8aa0db665951b5a2cb609a4b1bd1991428f6abb67cfb76c7550e
                                      • Opcode Fuzzy Hash: c66c71420981eb0cf56653e6daf67ef575ade1bc6bdc090c9c50093d86cfbd6f
                                      • Instruction Fuzzy Hash: 51118431E38A4186F790AB52E844339A6A1FB88FE4F884235DD1DD77A4DF7CD4148750
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ByteCharMultiStringWide
                                      • String ID:
                                      • API String ID: 2829165498-0
                                      • Opcode ID: 963bf38592fb87395d7ef9708e7adf52b14702032f1095ce9b28347523d6d2b4
                                      • Instruction ID: 133e7f643a1e98c88d61884eb053126e657f11a7390085675c28ba35eaf6a7aa
                                      • Opcode Fuzzy Hash: 963bf38592fb87395d7ef9708e7adf52b14702032f1095ce9b28347523d6d2b4
                                      • Instruction Fuzzy Hash: 4A819332A2874247EBE09F119840B7AA696FB447A8F884235FA1DB7BE4DF3DD501C710
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                      • String ID: csm$csm$csm
                                      • API String ID: 3523768491-393685449
                                      • Opcode ID: 915fbcd709677af086532dccd76d25612a033dace669d0e72a8dac80931779fe
                                      • Instruction ID: 5aca1ddab6708ae0fc8580b475f05de32ab563ddce2e1eaadc0e4ae545d2ca8f
                                      • Opcode Fuzzy Hash: 915fbcd709677af086532dccd76d25612a033dace669d0e72a8dac80931779fe
                                      • Instruction Fuzzy Hash: CFE1B3329286818AE790AF25D4406BDFBA2FB45748F584135FE8CB7766DE39E181CB10
                                      APIs
                                      • GetLastError.KERNEL32 ref: 00007FF753433343
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF75342E7E9,?,?,?,?,00007FF7534358BE,?,?,00000000,00007FF75343F72B,?,?,?), ref: 00007FF753433379
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF75342E7E9,?,?,?,?,00007FF7534358BE,?,?,00000000,00007FF75343F72B,?,?,?), ref: 00007FF7534333A6
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF75342E7E9,?,?,?,?,00007FF7534358BE,?,?,00000000,00007FF75343F72B,?,?,?), ref: 00007FF7534333B7
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF75342E7E9,?,?,?,?,00007FF7534358BE,?,?,00000000,00007FF75343F72B,?,?,?), ref: 00007FF7534333C8
                                      • SetLastError.KERNEL32 ref: 00007FF7534333E3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Value$ErrorLast
                                      • String ID:
                                      • API String ID: 2506987500-0
                                      • Opcode ID: e901dfbe714d8274b159bad2e4477f9c350543b981569e8d3210126afbf6c429
                                      • Instruction ID: 91db69c4ae4040bd699833f15ebcafe3c7b654461bbafcb71d58754e8133a44a
                                      • Opcode Fuzzy Hash: e901dfbe714d8274b159bad2e4477f9c350543b981569e8d3210126afbf6c429
                                      • Instruction Fuzzy Hash: 32114920E2D28A42FAD4B766955107DD1936F447F4FCC8234E93EE76E6DE3CA4818221
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: AddressFreeHandleLibraryModuleProc
                                      • String ID: CorExitProcess$mscoree.dll
                                      • API String ID: 4061214504-1276376045
                                      • Opcode ID: 5f8d8c72836b78c04fd9e898bdaa471e55bbc079b6ab989afbf1b7480ba1a49e
                                      • Instruction ID: 7dfe561629df68c4ff9401c9fe2883c4c44cbbba4018bbe2347e246313e3b59e
                                      • Opcode Fuzzy Hash: 5f8d8c72836b78c04fd9e898bdaa471e55bbc079b6ab989afbf1b7480ba1a49e
                                      • Instruction Fuzzy Hash: 33F0C261E2970691FE90AB64E84433A9762AF487A0F8C1735C66ED61F0CF3CD489C720
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: AdjustPointer
                                      • String ID:
                                      • API String ID: 1740715915-0
                                      • Opcode ID: 8604dfed761b1f8a95536b2e6ad2245dc4505354f97e6287396cda99dd9f953d
                                      • Instruction ID: 592b8f75ea7d2aac3321efd84e4d1f30316417ecb36baa4b838f4d87ec4d33d1
                                      • Opcode Fuzzy Hash: 8604dfed761b1f8a95536b2e6ad2245dc4505354f97e6287396cda99dd9f953d
                                      • Instruction Fuzzy Hash: F7B1F921A2968281FAE1FF559440938E292EF44B84F8E8435FE4DF77A5DE3ED461C320
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: fpos
                                      • String ID:
                                      • API String ID: 1083263101-0
                                      • Opcode ID: 73796376c13fc882b0cf90fd1b36c1b38411aa1f3b13e849361cbd910135b44b
                                      • Instruction ID: 9b8266fbeda8e1df74734f61b96c4d4bb6c2aa84c23ca09723b686621ffdbd61
                                      • Opcode Fuzzy Hash: 73796376c13fc882b0cf90fd1b36c1b38411aa1f3b13e849361cbd910135b44b
                                      • Instruction Fuzzy Hash: 15A12A2262CA8585DAB0EA15E44037AA7A1F784794F580135EADDDFBE9CF3CE544CB20
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: fpos
                                      • String ID:
                                      • API String ID: 1083263101-0
                                      • Opcode ID: a6caaade4977e019f472635d63ec24d9ad0e6733dff9771918a9b611c40068d2
                                      • Instruction ID: 138cc352e3222b78b9bd8a61ed2bc9c6be703ebee16baf4512acef483d1f5acb
                                      • Opcode Fuzzy Hash: a6caaade4977e019f472635d63ec24d9ad0e6733dff9771918a9b611c40068d2
                                      • Instruction Fuzzy Hash: F9A15D2262CF8585D6B0EB15E44037AA7A1F785794F684231EADDD7BA8CF3CD484CB60
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: _set_statfp
                                      • String ID:
                                      • API String ID: 1156100317-0
                                      • Opcode ID: 6f8325966fdfe13fb85293e3d0fd1b5d74da82f4d507d1f976a55c27a2a6ec15
                                      • Instruction ID: c3c0ce4930d4f99c0e16845fd3685531c3d7eb6b24241c704b7ad21c79c9c006
                                      • Opcode Fuzzy Hash: 6f8325966fdfe13fb85293e3d0fd1b5d74da82f4d507d1f976a55c27a2a6ec15
                                      • Instruction Fuzzy Hash: 6C81FB26D2C94E85F2B6AB79944027AE252AF453D4F8C4331EA5DB75B4DF3CE4C18A10
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: ceb6297d68692b90bfa3051e89de0cde14347a68ca4cfb144c1f94b07669001b
                                      • Instruction ID: d29e316995ed64e1bab0a5a7bca1178cf1fc948cd56c8f2f0c1d10ba78116562
                                      • Opcode Fuzzy Hash: ceb6297d68692b90bfa3051e89de0cde14347a68ca4cfb144c1f94b07669001b
                                      • Instruction Fuzzy Hash: 08312C22A2DE8581DA90EB15E48027AF3A1FBC57A4F940132FA8D977B9DE7CD540CB50
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: 2f9a53bfd0286508750fc1bfd098db0490043eb020d24a572563737f5be48e26
                                      • Instruction ID: a312c6a95bc32f842253fd8fdc26f034fc431d9c52f501ad9145ee91640a750f
                                      • Opcode Fuzzy Hash: 2f9a53bfd0286508750fc1bfd098db0490043eb020d24a572563737f5be48e26
                                      • Instruction Fuzzy Hash: 4F313222A2CA8581DA90EB15E48017BF7A1FBC5794F940132FACD9B7B9DE3CD540CB10
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: d0769162e021bae086cc80d653fbb2cbc99c3d6845d0491c8a2c16578c16c577
                                      • Instruction ID: 46bb8a56e2ad1c70489fcffc8b4d6d61b4253889ebd63edb4f9f1cdf05b3b417
                                      • Opcode Fuzzy Hash: d0769162e021bae086cc80d653fbb2cbc99c3d6845d0491c8a2c16578c16c577
                                      • Instruction Fuzzy Hash: CD313026A2DE8581DA50EB15E48027EF3A1FBC57A4F980132FA9D977B9CE3CD540CB50
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: 9c3b1294d4ef95c0e7cf9fe628f3be028f6b39e5b1d2971fd1453f6e61aeba12
                                      • Instruction ID: 6cd49639b1c10c5aa32c8934dc871d5b992f91c6a9c91f4828f722785ed6ad81
                                      • Opcode Fuzzy Hash: 9c3b1294d4ef95c0e7cf9fe628f3be028f6b39e5b1d2971fd1453f6e61aeba12
                                      • Instruction Fuzzy Hash: 84312F22A2DE8581DA90EB15F48117AF3A1FBC5794F944132FA8D977B9CE3CD540CB50
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: a2f0d2050ca73aab7255ef9c701a2277f8665c29349960b8f730fe0484457b06
                                      • Instruction ID: 366431ca0f5a312335b810ce4f62e5631360e462e4e9d6f70e186cfad0b41cf0
                                      • Opcode Fuzzy Hash: a2f0d2050ca73aab7255ef9c701a2277f8665c29349960b8f730fe0484457b06
                                      • Instruction Fuzzy Hash: 00312122A2DA8581DA50EB15E44017BF7B1FBC5754F940132FA8D9BBBADE3CD500CB10
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: 4f27ac704d9a5c04f0a1238c419d4a408fa7e9eeca7f7fc96f173430e6d97022
                                      • Instruction ID: 54ba5aa7b1446bb17c94dfe4b1296af0ae80d2589eeac84cf9125aa5041b801b
                                      • Opcode Fuzzy Hash: 4f27ac704d9a5c04f0a1238c419d4a408fa7e9eeca7f7fc96f173430e6d97022
                                      • Instruction Fuzzy Hash: 05312D22A2DE4582DA90EB15E48027AF3A1FBC57A4F940136FA8D977B9CE3CD540CB50
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskCriticalDeleteGetfacetSectionstd::locale::_
                                      • String ID:
                                      • API String ID: 2858966674-0
                                      • Opcode ID: dfb0b7fc12d0a4038ee3861d580d3acaf88d36e8190c8722ec53ff6a78891de1
                                      • Instruction ID: 6d8d0efcbce47dbb2409ff7c9c70296bccdb16367efaba200d2492f656500285
                                      • Opcode Fuzzy Hash: dfb0b7fc12d0a4038ee3861d580d3acaf88d36e8190c8722ec53ff6a78891de1
                                      • Instruction Fuzzy Hash: BD31332262DA8581DA90FB15E48117BF7A1FBC5764F940132FA8D9B7B9CE3CD544CB10
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: _set_statfp
                                      • String ID:
                                      • API String ID: 1156100317-0
                                      • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                      • Instruction ID: ec77d22e776f9b15d5836d6a57ee46d469106c91c5fc53e0bc59b2b396254aac
                                      • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                      • Instruction Fuzzy Hash: 82119D3AE38A0301F6D83568D4523B981427F543F0F9C0634EA7EB67F6AE3CA9A15130
                                      APIs
                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7534292DB,?,?,00000000,00007FF75342959A,?,?,?,?,?,00007FF75342951E), ref: 00007FF753433423
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7534292DB,?,?,00000000,00007FF75342959A,?,?,?,?,?,00007FF75342951E), ref: 00007FF753433442
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7534292DB,?,?,00000000,00007FF75342959A,?,?,?,?,?,00007FF75342951E), ref: 00007FF75343346A
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7534292DB,?,?,00000000,00007FF75342959A,?,?,?,?,?,00007FF75342951E), ref: 00007FF75343347B
                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7534292DB,?,?,00000000,00007FF75342959A,?,?,?,?,?,00007FF75342951E), ref: 00007FF75343348C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 4cae73b858218442aa21a18966626b6a903a0fc1980dc1e32d5af7750061c9e8
                                      • Instruction ID: e21a083dd603343863072565bfc0316b51aecb13b07a6216ac6362232b1367c8
                                      • Opcode Fuzzy Hash: 4cae73b858218442aa21a18966626b6a903a0fc1980dc1e32d5af7750061c9e8
                                      • Instruction Fuzzy Hash: 97116A20E2928A01FAD9B76A69421B9D1935F403F0FCC4334D93DE76F6EE3CE4818220
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 194fb0e74359117d38a4d8c0d6da9932810a9d2c2253459eaef32d0b36e23ff0
                                      • Instruction ID: 8081f09fa1611e24dad6d53efc90250b5c66e460196658c9daff80848d95d980
                                      • Opcode Fuzzy Hash: 194fb0e74359117d38a4d8c0d6da9932810a9d2c2253459eaef32d0b36e23ff0
                                      • Instruction Fuzzy Hash: 8F11F220E2924E41F9D8B66A54525B991934F413E1FDC8734E93EEB2F2ED3CA4918261
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Mpunct$std::ios_base::width
                                      • String ID: @
                                      • API String ID: 1355946870-2766056989
                                      • Opcode ID: e834c57aad81d742ff9a315cefb09ec790e6d15b28247f416067861be5b57202
                                      • Instruction ID: a7b9bda22167512fa3202d966975b518e7396eb727856a0d7ea3fd331b1c917d
                                      • Opcode Fuzzy Hash: e834c57aad81d742ff9a315cefb09ec790e6d15b28247f416067861be5b57202
                                      • Instruction Fuzzy Hash: F512093261DAC585DAB09B15E4943EBE3A2F7C8780F844036DACE9BB69DE7CD545CB00
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: Mpunct$std::ios_base::width
                                      • String ID: @
                                      • API String ID: 1355946870-2766056989
                                      • Opcode ID: aaf9f13514397d6f7fd4c6bbd8bf9c0767ad1ea1bbc2d54e277a42a52cd61d63
                                      • Instruction ID: 7101aa657a9426ac00a0cee7a44a06be558c4cbbf2f1adc06f5a16ee5ead30d5
                                      • Opcode Fuzzy Hash: aaf9f13514397d6f7fd4c6bbd8bf9c0767ad1ea1bbc2d54e277a42a52cd61d63
                                      • Instruction Fuzzy Hash: 3E12173261DAC985DAA0AB15E4943EFE7A2F7C8780F844132DA8D97B69DF3CC545CB40
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                      • API String ID: 3215553584-1196891531
                                      • Opcode ID: b09ab131c6059a78c38143a8be57ab0b79f70c2577eb9660c89e7f0a8cb78eef
                                      • Instruction ID: 38f8032e700db3bd6016e4b41c87665f17fab0d69786c2d645a76c93c2a6c111
                                      • Opcode Fuzzy Hash: b09ab131c6059a78c38143a8be57ab0b79f70c2577eb9660c89e7f0a8cb78eef
                                      • Instruction Fuzzy Hash: 1C81E472DAC60685F7E57F258140278B6A2AF117C8FDD8031CA4AF72B5DB3DE8819721
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo
                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                      • API String ID: 3215553584-1196891531
                                      • Opcode ID: 1950fba9208fa249439b0a095db5d4c6e0a1ecb9333dd2d2be9bf54a20492301
                                      • Instruction ID: 2aa93f27a1a3dca4f3992cac72206f0359c2b71608157af4990c8e7e81783b85
                                      • Opcode Fuzzy Hash: 1950fba9208fa249439b0a095db5d4c6e0a1ecb9333dd2d2be9bf54a20492301
                                      • Instruction Fuzzy Hash: 1881A431DAC14A89F7E5AA288154378AB939F117C4FDC5034CD0AF76B5CA3DA8C58723
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: CallEncodePointerTranslator
                                      • String ID: MOC$RCC
                                      • API String ID: 3544855599-2084237596
                                      • Opcode ID: 4da13cf1a7a607852b7fe4fc5b567cfcd07ac19b773689a8545b80013ff9c0c8
                                      • Instruction ID: b4e75d8927d72ed93df317ef11c1eaaf814c2fd8350854e987487f4d72d1c8ba
                                      • Opcode Fuzzy Hash: 4da13cf1a7a607852b7fe4fc5b567cfcd07ac19b773689a8545b80013ff9c0c8
                                      • Instruction Fuzzy Hash: A5910173A187818AE790EF64E8406BDBBA1F705788F584125FA8CA7765DF3DE191C700
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                      • String ID: csm
                                      • API String ID: 2395640692-1018135373
                                      • Opcode ID: 6fe1eb52220ac5d065450ecd0eeefc94f64215b431989e76cd116754a72a33e3
                                      • Instruction ID: b789b7ebc40944c1113efd4d6685514f61cf220a949e9f2cef39a03b2f9fc283
                                      • Opcode Fuzzy Hash: 6fe1eb52220ac5d065450ecd0eeefc94f64215b431989e76cd116754a72a33e3
                                      • Instruction Fuzzy Hash: 6651E731B29A018ADB94EF15D444E79B397EB84B94F984030EA5DA3764DF3EE461C710
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                      • String ID: csm$csm
                                      • API String ID: 3896166516-3733052814
                                      • Opcode ID: 281cb881ad85c3f94a19efd0894c96c3f79b932454ab5671d39e3a4cc1be71d4
                                      • Instruction ID: e38f55929adc6c3f475e3ffe0bc560f6a5a16bf96bbd2853c3a39cd7449cdc00
                                      • Opcode Fuzzy Hash: 281cb881ad85c3f94a19efd0894c96c3f79b932454ab5671d39e3a4cc1be71d4
                                      • Instruction Fuzzy Hash: 6E51853292864186DBA49F11A044678B6E2EB94B84F9C4135FA4CF7BE9CF7DE460CB10
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: CallEncodePointerTranslator
                                      • String ID: MOC$RCC
                                      • API String ID: 3544855599-2084237596
                                      • Opcode ID: e33e34a683f44c4968b57830748e33c223012ef7a964f09351cef2261c190e07
                                      • Instruction ID: 3d772de09166603dfa820e05004dbc37180563e297594b7fa694a8ac9a9b68a2
                                      • Opcode Fuzzy Hash: e33e34a683f44c4968b57830748e33c223012ef7a964f09351cef2261c190e07
                                      • Instruction Fuzzy Hash: 9051A332928BC185D760AB15E4407BAF7A2FB85B84F484225FB9D63B69CF7DD190CB10
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                      • String ID:
                                      • API String ID: 2718003287-0
                                      • Opcode ID: 277678a455439c633d078de75ff7165b14428b58e7d5dc893b7fa317e560c721
                                      • Instruction ID: 7d5af8720695829b2d0849f45e100adcf42102d2604e4c2597641e9023285c24
                                      • Opcode Fuzzy Hash: 277678a455439c633d078de75ff7165b14428b58e7d5dc893b7fa317e560c721
                                      • Instruction Fuzzy Hash: F2D10522B28A8689E750DF75D4801BDBBB2F7447D8B984231CE5DA7BA5CE3CD446C710
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: ConsoleErrorLastMode
                                      • String ID:
                                      • API String ID: 953036326-0
                                      • Opcode ID: a81100a5bb6666f977b6e575e9fa6779a633c4463b0159521b5e9621d806b07f
                                      • Instruction ID: 09de17ff4cb50ee05fa676f7a2247aaf4af4009997239b634ea410b295ffb229
                                      • Opcode Fuzzy Hash: a81100a5bb6666f977b6e575e9fa6779a633c4463b0159521b5e9621d806b07f
                                      • Instruction Fuzzy Hash: 8E91D862E2865645F790EB6594406BEAFA2BB047D8F884135DD8EE36B5CF3CE481C720
                                      APIs
                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF7534173E4
                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF7534175A5
                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF7534175BA
                                        • Part of subcall function 00007FF75340EA70: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75340EA8D
                                        • Part of subcall function 00007FF75340EA70: _Max_value.LIBCPMTD ref: 00007FF75340EAB2
                                        • Part of subcall function 00007FF75340EA70: _Min_value.LIBCPMTD ref: 00007FF75340EAE0
                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF7534176FB
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
                                      • String ID:
                                      • API String ID: 348937374-0
                                      • Opcode ID: 9afabfa72d0bec1c37ef96be09a341a728c74d5b1fec2fd0c54774568364a96b
                                      • Instruction ID: 7477501dc89e943362f216eb0f1c7a7997f48f9589ff4c58448dec78d3ef3336
                                      • Opcode Fuzzy Hash: 9afabfa72d0bec1c37ef96be09a341a728c74d5b1fec2fd0c54774568364a96b
                                      • Instruction Fuzzy Hash: 27B10B3662DB8585DAA0EB56F4402ABF7A1F7C9B80F444035EACD9BB69DF3CD0508B50
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWorkstd::ios_base::width
                                      • String ID:
                                      • API String ID: 2020207099-0
                                      • Opcode ID: a7b50ac39763bbd42a10159daefc2c262c58eb800d21867dc820ee20c8593e97
                                      • Instruction ID: 6c7311ed484c5c2d054f6a5a605b588939f32b59a234bd989c25875ee5450edb
                                      • Opcode Fuzzy Hash: a7b50ac39763bbd42a10159daefc2c262c58eb800d21867dc820ee20c8593e97
                                      • Instruction Fuzzy Hash: CF91B63261DAC585EAB1EB11E8503EBA761F7C8780F940036EA8D97BA9DF3CD544CB50
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWorkstd::ios_base::width
                                      • String ID:
                                      • API String ID: 2020207099-0
                                      • Opcode ID: db6c9aa6456e65e44c59f887b5b6a455ae836b4afbfbd4fbbd9b92e84a88fd7a
                                      • Instruction ID: 8e53efd38a6e55b4ce067eaf5e3bc6371e3ba656868a5a258bdcf80902567771
                                      • Opcode Fuzzy Hash: db6c9aa6456e65e44c59f887b5b6a455ae836b4afbfbd4fbbd9b92e84a88fd7a
                                      • Instruction Fuzzy Hash: 5191B83661DAC585E6B0EB11E4507EBA3A1F7C8780F840036EA8D9BBA9DF7CD544CB50
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: _invalid_parameter_noinfo$_get_daylight
                                      • String ID:
                                      • API String ID: 72036449-0
                                      • Opcode ID: 85dbda05ec3ee7f9c1fa1411ef90299221dab7f4206679ae633facac47d9a88e
                                      • Instruction ID: 91faad6b54fcafcdc770b8bcd3e0e1ec17a5c8713a3b06ab325e6e29f3c4404d
                                      • Opcode Fuzzy Hash: 85dbda05ec3ee7f9c1fa1411ef90299221dab7f4206679ae633facac47d9a88e
                                      • Instruction Fuzzy Hash: 4C51A032E2C70246F7E579289405379E683AB40714F9D8135DA0DF62F7CF3DA842C661
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: fpos
                                      • String ID:
                                      • API String ID: 1083263101-0
                                      • Opcode ID: 7ce8511be75b657b30e23efd397de7b59c1ee19cf46354033051470e1661ccb3
                                      • Instruction ID: 047ef4c383277c7407f8ab645c8ed3750b54e7f3635f4f18c00c9d3ae4f4b9d4
                                      • Opcode Fuzzy Hash: 7ce8511be75b657b30e23efd397de7b59c1ee19cf46354033051470e1661ccb3
                                      • Instruction Fuzzy Hash: 5661052252CE8182D6A09B59E44137AA7A1F7C4794F680231EADDD7BB9CF3CD441CF60
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: fpos
                                      • String ID:
                                      • API String ID: 1083263101-0
                                      • Opcode ID: 36fc8f4007dbcad195dacbb49d44d0ee7db7f2b161ce5f57fe0c7e410f8e84c9
                                      • Instruction ID: bb17ffd587878e76deee840f9528798bb4ddd6c8c692fd7b1e5cffccfce41b9e
                                      • Opcode Fuzzy Hash: 36fc8f4007dbcad195dacbb49d44d0ee7db7f2b161ce5f57fe0c7e410f8e84c9
                                      • Instruction Fuzzy Hash: 3061152262CA8185D6A0A619E44137AB7A1F7C4794F580131EADDDFBB9CF3CD550CF60
                                      APIs
                                      Yara matches
                                      Similarity
                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                      • String ID:
                                      • API String ID: 2933794660-0
                                      • Opcode ID: 24240e03e3d199eb95b754da120e052c2b52a1d016f482da5537b9a25ea51ade
                                      • Instruction ID: ad84fa935840a87221382219281c5e426b5d659edbf34b9fc405f2a322b1c46a
                                      • Opcode Fuzzy Hash: 24240e03e3d199eb95b754da120e052c2b52a1d016f482da5537b9a25ea51ade
                                      • Instruction Fuzzy Hash: 24114822B25B028AFB409F60E8452B973A4FB19758F881E31EE2D927A4DF38D1558350
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: Mpunctstd::ios_base::width
                                      • String ID: @
                                      • API String ID: 1954291571-2766056989
                                      • Opcode ID: 3e76e853dd16ca4dee29202e21f18655aa74691c203219b719ad26fb0a2fa26f
                                      • Instruction ID: fd40e176f2ce4736b0250df289c5e01df139e9d32c41567549c233165e6e23a5
                                      • Opcode Fuzzy Hash: 3e76e853dd16ca4dee29202e21f18655aa74691c203219b719ad26fb0a2fa26f
                                      • Instruction Fuzzy Hash: A1021A3261DAC585DAB0AB15E4943EFA7A2F7C8780F844032DACD9BB69DE7CD545CB00
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: Mpunctstd::ios_base::width
                                      • String ID: @
                                      • API String ID: 1954291571-2766056989
                                      • Opcode ID: 68afca80ed019ed0b6be017d372f53cecebd89c83984fed3c1270ae930a38164
                                      • Instruction ID: 2d29007a0acbb4dd8774866d630528c9bf9102bae31c1bb553e863abbd4a395b
                                      • Opcode Fuzzy Hash: 68afca80ed019ed0b6be017d372f53cecebd89c83984fed3c1270ae930a38164
                                      • Instruction Fuzzy Hash: 9602073261CEC985DAB0AB15E4943EFA7A2F7C8780F944032DA8D97B69DE7CC545CB40
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: __except_validate_context_record
                                      • String ID: csm$csm
                                      • API String ID: 1467352782-3733052814
                                      • Opcode ID: 1466eba8324c97e40e506827d520cf121ffad21e0c4a9dc6c0e5e76b36729aa8
                                      • Instruction ID: 6540589db9f14d687089a5c951a39964e0aa0164b8ee69f2ae92993e56005eae
                                      • Opcode Fuzzy Hash: 1466eba8324c97e40e506827d520cf121ffad21e0c4a9dc6c0e5e76b36729aa8
                                      • Instruction Fuzzy Hash: B271E472A1868186D7A09F269040B7DFBA2FB01B85F588135FE4CB7A95CF7DD451CB10
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID: $
                                      • API String ID: 0-227171996
                                      • Opcode ID: 8f681e876e20ba50cb7c84dff39b42a80bebf406c17c4a00611b072327c36c48
                                      • Instruction ID: 602d3f469d617281352c308f479030a4464960f972d9c9edbd58c234b7793bf6
                                      • Opcode Fuzzy Hash: 8f681e876e20ba50cb7c84dff39b42a80bebf406c17c4a00611b072327c36c48
                                      • Instruction Fuzzy Hash: ED813D3662CE8185D6A0EB65E49037EE7A1FBC5784F540135EA8E97B6ACF3CD440CB50
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID: $
                                      • API String ID: 0-227171996
                                      • Opcode ID: 57b60a17fadd7531db789dd3e22e417f31a1fe69c12850f0837652c6859bde2a
                                      • Instruction ID: 6bcf3118ff8c55c477849136c3fed5a3e90a8af8e83edecdd56d4b7d113128a1
                                      • Opcode Fuzzy Hash: 57b60a17fadd7531db789dd3e22e417f31a1fe69c12850f0837652c6859bde2a
                                      • Instruction Fuzzy Hash: 2F811F3262CA8585D660EB25E09037AB3A1FBC4784F540136EACD9BBBADF3CD551CB10
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: c0eaf08a84abdc88d703ca4aabcc6c22c4a5be09bb362c2d6df69d628fa2da19
                                      • Instruction ID: 5cefd0a96f728088b949e17ac5dad29365ac617cad048646e896d2af03821b18
                                      • Opcode Fuzzy Hash: c0eaf08a84abdc88d703ca4aabcc6c22c4a5be09bb362c2d6df69d628fa2da19
                                      • Instruction Fuzzy Hash: 4B71206651CEC185E6B0AB55E0403BEF7A2FB85740FA84036E68DA7B65DE3CD444CBA0
                                      APIs
                                      Strings
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFrameInfo__except_validate_context_record
                                      • String ID: csm
                                      • API String ID: 2558813199-1018135373
                                      • Opcode ID: 43300a365619d1dd5c6f0c9e1d3a0478a64f2ea62da247aef5e01c55b6d51592
                                      • Instruction ID: ecb05c31dfce66c93b24fbcd453bbb6de844aca5616a66d75adc59ae7c6ef8e5
                                      • Opcode Fuzzy Hash: 43300a365619d1dd5c6f0c9e1d3a0478a64f2ea62da247aef5e01c55b6d51592
                                      • Instruction Fuzzy Hash: 6F51A336A2874182D6A0AF15E44067EBBB5F789B90F481134EF8CA3B66CF3DD061CB10
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                      • String ID: C:\Users\user\Desktop\8NU1qpOatQ.exe
                                      • API String ID: 3580290477-536442756
                                      • Opcode ID: 13a642920d6932dfd5ed05d965ae50400a095ec123234e7627cb582ea59c92b9
                                      • Instruction ID: 6f7859854216cde6df44740db9ed2e237c2614518bee0a02c358d713d3a48e38
                                      • Opcode Fuzzy Hash: 13a642920d6932dfd5ed05d965ae50400a095ec123234e7627cb582ea59c92b9
                                      • Instruction Fuzzy Hash: F941C431A28A0285E794FF25A4404BDA2A6EF44BC4FD94036FD0EA37A5DF3ED4918360
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorFileLastWrite
                                      • String ID: U
                                      • API String ID: 442123175-4171548499
                                      • Opcode ID: 16ffb31359f65aeba9de0a14cd61d54090e8112dc828472b3aac92de14688fcb
                                      • Instruction ID: ed11db3efbad7248712c3ce20d5513e344d1e9f4e7eb10be857031defcb95bc9
                                      • Opcode Fuzzy Hash: 16ffb31359f65aeba9de0a14cd61d54090e8112dc828472b3aac92de14688fcb
                                      • Instruction Fuzzy Hash: 9E41B622A28A4581EBA0DF25E8443BAB7A2F7947D4F844031EE8DD7764DF3CD441C750
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: _set_errno_from_matherr
                                      • String ID: exp
                                      • API String ID: 1187470696-113136155
                                      • Opcode ID: f411f34ceb9c4a125c39e5071177e2884085fcbbad7444d43dc9739152dba03c
                                      • Instruction ID: 9773923852b87e60f2b4d0f3262194c73ef2cf7bb1ff47d20bfe57e0d5de765f
                                      • Opcode Fuzzy Hash: f411f34ceb9c4a125c39e5071177e2884085fcbbad7444d43dc9739152dba03c
                                      • Instruction Fuzzy Hash: 3A210636F24A198EE790EF78D4406BD73B1AB48748F841535EA0DA7B5ADE3CE4808A50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1581154703.00007FF753400000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF753400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff753400000_8NU1qpOatQ.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: ExceptionFileHeaderRaise
                                      • String ID: csm
                                      • API String ID: 2573137834-1018135373
                                      • Opcode ID: 4f7d0f306b40360dd6d434035d5dd0aec974d51bb1b9cd1bf21a6bbcef8f323b
                                      • Instruction ID: c23cbb7eed04dc95981aa110bc3cde0ad4b124891b375b703e8c900667f0c770
                                      • Opcode Fuzzy Hash: 4f7d0f306b40360dd6d434035d5dd0aec974d51bb1b9cd1bf21a6bbcef8f323b
                                      • Instruction Fuzzy Hash: 57115E32629B8082EB659B15E40066ABBE1FB88B94F9C4230EE8D97764DF3DD551CB00